# Exploit Title: Crea8Social v.2.0 XSS Change Interface
# Google Dork: intext:Copyright © 2014 CreA8social.
# Date: January 3, 2015
# Exploit Author: r0seMary
# Vendor Homepage: http://crea8social.com
# Software Link: http://codecanyon.net/item/crea8social-php-social-networking-platform-v20/9211270 or http://crea8social.com
# Version: v.2.0 (Latest version)
# Tested on: Windows 7
# CVE : -
================================================================================
Bismillahirahmanirahim
Assalamualaikum Wr.Wb

--[Fatal XSS Vulnerability]--
1. Register on the site
2. Go to Menu, click Game
3. Add Game
4. In the Game Content field, enter your XSS code, for example:
<script>document.body.innerHTML="your text here"</script><noscript>

Look at the result: the user interface changes into your XSS code ;)

|
Proof of Concept:
|
|
http://104.131.164.9/demo/games/124 (Crea8Social Official Site)
|
|
|
|
./r0seMary
|
|
Wassalamualaikum.wr.wb |
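
The steps above work because the Game Content value reaches the page without HTML encoding. The PHP below is an added example, not Crea8Social's code and not from the advisory author; the function names, the markup and the CSP values are assumptions, and it assumes Game Content is meant to be displayed as plain text.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical names, not Crea8Social source code.
// Constructed sample input: the Game Content value from step 4 of the advisory.
$gameContent = '<script>document.body.innerHTML="your text here"</script><noscript>';

// Vulnerable pattern: the stored value is concatenated into the page as markup,
// so the browser parses and runs whatever the submitting user typed.
function renderGameContentUnsafe(string $content): string
{
    return '<div class="game-content">' . $content . '</div>';
}

// Hardened pattern: encode at output time for the HTML body context.
// ENT_QUOTES also covers attribute contexts; ENT_SUBSTITUTE replaces invalid
// UTF-8 instead of returning an empty string.
function renderGameContentSafe(string $content): string
{
    $encoded = htmlspecialchars($content, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<div class="game-content">' . $encoded . '</div>';
}

// Defence in depth (assumed policy values): with no 'unsafe-inline', an inline
// <script> that slips past encoding is still refused by the browser.
function securityHeaders(): array
{
    return [
        "Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'",
        'X-Content-Type-Options: nosniff',
    ];
}

// Regression check a test suite can run against any rendered fragment.
function containsScriptTag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

foreach (['unsafe' => renderGameContentUnsafe($gameContent),
          'safe'   => renderGameContentSafe($gameContent)] as $label => $html) {
    printf("%-6s script tag present: %s\n%s\n\n", $label,
        containsScriptTag($html) ? 'yes' : 'no', $html);
}

// In a web request, send each of these with header() before any output.
echo implode("\n", securityHeaders()), "\n";
```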