Crea8Social 2.0 – Cross-Site Scripting Change Interface

  • Author: Yudhistira B W
    Date: 2015-01-04
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/35691/
# Exploit Title: Crea8Social v.2.0 XSS Change Interface
# Google Dork: intext:Copyright © 2014 CreA8social.
# Date: January 3, 2015
# Exploit Author: r0seMary
# Vendor Homepage: http://crea8social.com
# Software Link: http://codecanyon.net/item/crea8social-php-social-networking-platform-v20/9211270 or http://crea8social.com
# Version: v.2.0 (Latest version)
# Tested on: Windows 7
# CVE : -
================================================================================
Bismillahirahmanirahim
Assalamualaikum Wr.Wb

--[Fatal XSS Vulnerability]--
1. Register on the site
2. Go to Menu, click Game
3. Add Game
4. At Game Content, enter your XSS code, for example:
<script>document.body.innerHTML="your text here"</script><noscript>

Look at the result: the user interface changes into your XSS code ;)

Proof of Concept:
http://104.131.164.9/demo/games/124 (Crea8Social Official Site)

./r0seMary
Wassalamualaikum.wr.wb
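Added defensive example, not from the advisory or from Crea8Social's code: it renders a stand-in game page the vulnerable way (raw interpolation of the Game Content field) and the hardened way (HTML entity encoding), and adds a simple check for tag openers in stored field values. The template, function names and sample values are assumptions.

```javascript
// Added example (not Crea8Social code): why the posted payload replaces the
// interface, and what the fix at this sink looks like. Names are hypothetical.

// Constructed sample mirroring the payload shown in the advisory.
const GAME_CONTENT_PAYLOAD =
  '<script>document.body.innerHTML="your text here"</script><noscript>';

// Minimal stand-in for the game page. The navigation after the content is the
// part a browser would hide behind the unclosed <noscript> in the raw version.
function gamePageTemplate(renderedContent) {
  return '<html><body><h1>Games</h1><div id="game">' + renderedContent +
         '</div><nav><a href="/games">Back to games</a></nav></body></html>';
}

// Vulnerable rendering: the untrusted field is concatenated as markup, so the
// <script> runs and rewrites document.body when the page loads.
function renderGameVulnerable(gameContent) {
  return gamePageTemplate(gameContent);
}

// Entity-encode the characters that can change HTML context. This is the fix
// for a text sink like Game Content; attribute, URL and script contexts need
// their own encoders, and an allowlist sanitizer if rich text must be kept.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened rendering: the field can only ever be displayed as text, so the
// rest of the interface (the <nav>) stays visible and no script executes.
function renderGameHardened(gameContent) {
  return gamePageTemplate(escapeHtml(gameContent));
}

// Defender-side check for stored records or request logs: a tag opener in a
// plain-text field such as Game Content is worth reviewing, since legitimate
// game descriptions have no need for one (a bare "<" in "score < 100" is fine).
function containsTagOpener(value) {
  return /<\s*[a-z!\/]/i.test(String(value));
}

console.log('raw:     ', renderGameVulnerable(GAME_CONTENT_PAYLOAD));
console.log('encoded: ', renderGameHardened(GAME_CONTENT_PAYLOAD));
console.log('flagged: ', containsTagOpener(GAME_CONTENT_PAYLOAD));
```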