17 lines
No EOL
597 B
Text
Executable file
17 lines
No EOL
597 B
Text
Executable file
# Exploit Title: crea8social 1.3 Stored XSS Vulnerability
|
|
# Date: 24-10-2014
|
|
# Exploit Author: Halil Dalabasmaz
|
|
# Version: v1.3
|
|
# Vendor Homepage: http://codecanyon.net/item/crea8social-php-social-networking-platform-v13/9211270
|
|
# Tested on: Chrome & Iceweasel
|
|
|
|
# Vulnerability Description:
|
|
|
|
===Stored XSS===
|
|
Create a page from "Pages" (/pages) section. "Page Website" input is not secure. You can run XSS payloads on "Page Website" input.
|
|
|
|
Sample Payload for Stored XSS: http://example.com/">[xssPayload]
|
|
|
|
=Solution=
|
|
Filter the input field against to XSS attacks.
|
|
================ |