ClipShare Pro 4.1 Persistent XSS Vulnerability

2010-11-14T00:00:00
ID 1337DAY-ID-14819
Type zdt
Reporter Th3 RDX
Modified 2010-11-14T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ==============================================
ClipShare Pro 4.1 Persistent XSS Vulnerability
==============================================

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
# Exploit Title: ClipShare Pro 4.1 Persistent XSS Vulnerability
# Date: 13-11-2010
# Author: Th3 RDX
# Software Link: http://www.clip-share.com/order/
# Version:  4.1
# Price: $452
# Tested on: Demo Site
# category: webapp
# Code : n/a
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
L0v3 To: R00T, R45c4l, Agent: 1c3c0ld, Big Kid, Br0wn Sug4r,
Sid3^effects, L0rd CruSad3r,
Sonic , r0073r(inj3ct0r.com)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
<3 Love: -[SiLeNtp0is0n]-, stRaNgEr(lucky), inX_rOot, NEO H4cK3R,
DarkL00k, G00g!3 [email protected]!0r,
str1k3r, co0Lt04d , ATUL DWIVEDI , Jackh4xor
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
                                 INDIAN CYBER ARMY
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

##############################################################################
%//

----- [ Founder ] -----

       Th3 RDX

----- [ E - mail ] -----

   [email protected]


                                                       %\\
##############################################################################

##############################################################################
%//

----- [Title] -----

ClipShare Pro 4.1 Persistent XSS Vulnerability

----- [ Vendor ] -----

http://www.clip-share.com
                                                       %\\
##############################################################################

##############################################################################
%//

----- [ Bug (s) ] -----

----- [ Persistent XSS ] -----

Proof of Concepts:
------------------

Step 1) Login into admin Section

Link: http://clipshare/siteadmin/

Step 2) Go to Advertising

-[XSS Bug present in following]-

=> Add Banner / Edit Banner

-[XSS Code]-

=> "><script>alert(document.cookie)</script>

Step 3) Enter your Attack Pattern to title of banner

Step 4) Refresh and View your adds

Note: The XSS Also remains in admin panel

XSS IS ALSO AVAILABLE IN VIDEO MANAGING SECTION

                                                   %\\
##############################################################################

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
=> PROUD TO BE AN INDIAN | Anythning for INDIA | JAI-HIND | Maa Tujhe Salam

=> c0d3 for motherland, h4ck for motherland

==> i'm worst than a useless <==
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>.

Bug discovered : 13 November 2010

finish(0);
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

#End 0Day#



#  0day.today [2018-04-11]  #