Social Microblogging PRO 1.5 Cross Site Scripting

2015-01-02T00:00:00
ID PACKETSTORM:129785
Type packetstorm
Reporter Halil Dalabasmaz
Modified 2015-01-02T00:00:00

Description

                                        
                                            `# Exploit Title: Social Microblogging PRO 1.5 Stored XSS Vulnerability  
# Date: 29-12-2014  
# Exploit Author: Halil Dalabasmaz  
# Version: v1.5  
# Vendor Homepage:  
http://codecanyon.net/item/social-microblogging-pro/9217005  
# Tested on: Chrome & Iceweasel  
  
# Vulnerability Description:  
  
===Stored XSS===  
"Web Site" input is not secure at Profile section. You can run XSS payloads  
on "Web Site" input.  
  
Sample Payload for Stored XSS: http://example.com/">[xssPayload]  
  
=Solution=  
Filter the input field against to XSS attacks.  
================  
  
`