
12 changes to exploits/shellcodes

WhatsApp 2.18.31 - Memory Corruption
Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation
Libuser - roothelper Privilege Escalation (Metasploit)
Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution
MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery
VirtueMart 3.1.14 - Persistent Cross-Site Scripting
Rockwell Scada System 27.011 - Cross-Site Scripting
Multiplayer BlackJack Online Casino Game 2.5 - Persistent Cross-Site Scripting
Horse Market Sell & Rent Portal Script 1.5.7 - Cross-Site Request Forgery
totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery
WordPress Plugin Metronet Tag Manager 1.2.7 - Cross-Site Request Forgery
RSA Authentication Manager 8.2.1.4.0-build1394922 / < 8.3 P1 - XML External Entity Injection / Cross-Site Flashing / DOM Cross-Site Scripting
15 lines
No EOL
668 B
Text
# Exploit Title: Multiplayer BlackJack - Online Casino Game 2.5 - Persistent Cross-Site scripting
# Date: 2018-05-16
# Exploit Author: L0RD
# Vendor Homepage: https://codecanyon.net/item/multiplayer-blackjack-online-casino-game/15411706?s_rank=1628
# CVE: N/A
# Version: 2.5
# Description : Multiplayer BlackJack - Online Casino Game script has persistent cross site scripting that attacker
# can set malicious payload into the vulnerable parameter.
# POC :
1) click on the "sit" button in the web page
2) Put this payload into the "name" input and set wallet number :
<script>alert(document.domain)</script>
3) You will get an alert box in the page . |
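Review bot: the Description line refers only to "the vulnerable parameter", while the affected field, the "name" input of the sit dialog, appears only in PoC step 2. Name that field in the Description and say on which page the stored value is rendered, so a reader can tell which output needs encoding. Steps 1) to 3) also drop the "#" prefix that every header line above them carries. Either prefix them too or separate the PoC from the header block so the file has one consistent layout.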