Social Microblogging PRO 1.5 – Persistent Cross-Site Scripting

Exploit Database
40 阅读

作者： Halil Dalabasmaz

日期： 2014-12-31
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/35659/

# Exploit Title: Social Microblogging PRO 1.5 Stored XSS Vulnerability
# Date: 29-12-2014
# Exploit Author: Halil Dalabasmaz
# Version: v1.5
# Vendor Homepage:
http://codecanyon.net/item/social-microblogging-pro/9217005
# Tested on: Chrome & Iceweasel

# Vulnerability Description:

===Stored XSS===
"Web Site" input is not secure at Profile section. You can run XSS payloads
on "Web Site" input.

Sample Payload for Stored XSS: http://example.com/">[xssPayload]

=Solution=
Filter the input field against to XSS attacks.
================

last Exploits
Social Microblogging PRO 1.5 – Persistent Cross-Site Scripting的更多信息

PHP-Fusion – Local File Inclusion：
Zabbix 4.2 – Authentication Bypass：
phpscripte24 Vor und Rückwärts Auktions System – Blind SQL Injection：
GeoVision Geowebserver 5.3.3 – Local FIle Inclusion：
WordPress Plugin Flip Book – ‘PHP.php’ Arbitrary File Upload：
Joomla! Component JRadio – Local File Inclusion：
ProjectSend r-561 – Arbitrary File Upload：
Campsite CMS – Remote Persistent Cross-Site Scripting：