Lucene search
K

WallScript-Powerful Wallpaper Site Script Persistent Xss Vulnerability

🗓️ 23 Oct 2010 00:00:00Reported by Sid3^effectsType 
zdt
 zdt
🔗 0day.today👁 274 Views

WallScript-Powerful Wallpaper Site Script Persistent Xss Vulnerability - Failure to sanitize user input can lead to application compromise, data disclosure, and modification

Code
======================================================================
WallScript-Powerful Wallpaper Site Script Persistent Xss Vulnerability
======================================================================

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1               ##########################################             1
0               I'm Sid3^effects member from Inj3ct0r Team             1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1


Name : WallScript-Powerful Wallpaper Site Script Persistent xss Vulnerability 
Dork : Powered by WallScript Version 1.1
Vendor Url :http://www.wallscr.com/
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
Big hugs : Th3 RDX,Hanan_butt,
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,SeeMe,MaYur,MA1201,KeDar,Sonic,gunslinger_,Sn!pEr.S!Te,n4pst3rr
   tranquiller,cor3hack
greetz to :Iop3x_ninjato team,www.topsecure.net ,trent Dillman,All ICW members and my friends :) luv y0 guyz
#######################################################################################################
Bug :  Persistent xss Vulnerability 

The vulnerability exists due to failure in the script to properly sanitize user-supplied input.Successful exploitation of 

this vulnerability could result in a compromise of the application,disclosure or modification of sensitive data.

###############################################################################################################
Steps : 

> Login to your account.
> While uploading your wall paper insert xss scripts in the description and title location.

The Xss remains not only in the user's profile but in the main site which can really create more damage.



Demo Url :http://demo.wallscript.net/abstract//%22--%3E%3Cscript%3Ealert(/w0ot/)%3C/script%3E-100.html

   http://demo.wallscript.net/
###############################################################################################################
Screenshot : 
http://img693.imageshack.us/img693/6246/wooter1.png
###############################################################################################################
Solution: 
   N/a
###############################################################################################################
# 0day no more
# Sid3^effects 



#  0day.today [2018-03-01]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

23 Oct 2010 00:00Current
7.1High risk
Vulners AI Score7.1
274