Bilboplanet 2.0 – Multiple Cross-Site Scripting Vulnerabilities

  • Author: Vivek N
    Date: 2014-07-16
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/34089/
  • # Exploit Title: Multiple XSS vulnerabilities in Bilboplanet application
    # Date: 10/15/13
    # Exploit Author: Vivek N
    # (http://nvivek.weebly.com/)
    # Vendor Homepage: http://www.bilboplanet.com/
    # Software Link: www.bilboplanet.com/index.php/downloads/?lang=en
    # Version: 2.0
    # Tested on: Windows
    # CVE :
    
    1. Stored XSS vulnerability when creating and updating tribes in
    http://localhost/bilboplanet/user/?page=tribes
    POST Parameter: tribe_name
    2. Stored XSS vulnerability when adding a tag
    http://localhost/bilboplanet/user/?page=tribes
    POST Parameter: tags
    3. Stored XSS in parameters: user_id and fullname
    http://127.0.0.1/bilboplanet/signup.php