Social Microblogging PRO 1.5 – Persistent Cross-Site Scripting

Exploit Database
98 阅读

作者： Halil Dalabasmaz

日期： 2014-12-31
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/35659/

# Exploit Title: Social Microblogging PRO 1.5 Stored XSS Vulnerability
# Date: 29-12-2014
# Exploit Author: Halil Dalabasmaz
# Version: v1.5
# Vendor Homepage:
http://codecanyon.net/item/social-microblogging-pro/9217005
# Tested on: Chrome & Iceweasel

# Vulnerability Description:

===Stored XSS===
"Web Site" input is not secure at Profile section. You can run XSS payloads
on "Web Site" input.

Sample Payload for Stored XSS: http://example.com/">[xssPayload]

=Solution=
Filter the input field against to XSS attacks.
================

last Exploits
Social Microblogging PRO 1.5 – Persistent Cross-Site Scripting的更多信息

WordPress Plugin Hybrid Composer 1.4.6 – Improper Access Restrictions：
Professional Local Directory Script 1.0 – SQL Injection：
OpenCart 3.0.3.2 – Stored Cross Site Scripting (Authenticated)：
reos 2.0.5 – Multiple Vulnerabilities：
SelfComposer CMS – SQL Injection：
e107 v2.3.2 – Reflected XSS：
ContaoCMS 2.10.1 – Cross-Site Scripting：
Pharmacy Medical Store and Sale Point 1.0 – ‘catid’ SQL Injection：