Wallpaper Script 3.5.0082 – Persistent Cross-Site Scripting

• Exploit Database
• 34 阅读

• 作者： null pointer
  日期： 2013-12-16
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/30356/

• [~] Exploit Title : Wallpaper Script Stored XSS Vulnerability
  [~] D0rk Google : 
  [~] Author : nullp0int3r (0x00p0int3r@gmail.com)
  [~] Version : 3.5.0082
  [~] Date : 2013-12-14
  [~] Vendor Homepage: http://www.wallpaperscript.com/
  [~] Test on : Windows
  
  
  Exploitation:
  1) Register and log on as a regular member
  2) Click on "Add Wallpaper"
  3) Write in the title field: </title><script>alert("XSS")</script>
  4) Fill other fields and choose a photo and click on "Save"
  5) Go to "My Wallpapers"
  6) Select your uploaded photo
  
  Thanks:
  Enddo
  Far3nh3it