Multiplayer BlackJack Online Casino Game 2.5 Cross Site Scripting

2018-05-16T00:00:00
ID PACKETSTORM:147656
Type packetstorm
Reporter L0RD
Modified 2018-05-16T00:00:00

Description

                                        
                                            `# Exploit Title: Multiplayer BlackJack - Online Casino Game 2.5 - Persistent Cross-Site scripting  
# Date: 2018-05-16  
# Exploit Author: L0RD  
# Vendor Homepage: https://codecanyon.net/item/multiplayer-blackjack-online-casino-game/15411706?s_rank=1628  
# CVE: N/A  
# Version: 2.5  
  
# Description : Multiplayer BlackJack - Online Casino Game script has persistent cross site scripting that attacker  
# can set malicious payload into the vulnerable parameter.  
  
# POC :  
1) click on the "sit" button in the web page  
2) Put this payload into the "name" input and set wallet number :  
<script>alert(document.domain)</script>  
3) You will get an alert box in the page .  
  
  
`