bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/31328.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

12 lines
No EOL
844 B
Text
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

source: https://www.securityfocus.com/bid/28082/info
TorrentTrader is prone to an HTML-injection vulnerability because it fails to adequately sanitize user-supplied input.
Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
NOTE: This BID was previously titled 'TorrentTrader 'msg' Parameter Cross Site Scripting Vulnerability'. Following further analysis, the title and multiple details throughout have been changed to better document the issue.
TorrentTrader Classic 1.08 is affected; other versions may also be vulnerable.
http://www.example.com/account-inbox.php?msg=<script>alert(document.co­okie)</script>&receiver=<username>
Reference in a new issue View git blame Copy permalink