Multiplayer BlackJack Online Casino Game 2.5 – Cross-Site Scripting

• Exploit Database
• 40 阅读

• 作者： L0RD
  日期： 2018-05-16
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/44627/

• # Exploit Title: Multiplayer BlackJack - Online Casino Game 2.5 - Persistent Cross-Site scripting
  # Date: 2018-05-16
  # Exploit Author: L0RD
  # Vendor Homepage: https://codecanyon.net/item/multiplayer-blackjack-online-casino-game/15411706?s_rank=1628
  # CVE: N/A
  # Version: 2.5
  
  # Description : Multiplayer BlackJack - Online Casino Game script has persistent cross site scripting that attacker
  #can set malicious payload into the vulnerable parameter.
  
  # POC :
  1) click on the "sit" button in the web page
  2) Put this payload into the "name" input and set wallet number :
  <script>alert(document.domain)</script>
  3) You will get an alert box in the page .