Mouse Media Script Stored XSS Vulnerability

2014-11-05T00:00:00
ID 1337DAY-ID-22820
Type zdt
Reporter Halil Dalabasmaz
Modified 2014-11-05T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            Login to system and upload any of your image. When uploading the image you need to enter the XSS Payload to "Title" and "Description" inputs.  And then you can visit home page to check the uploaded payload. All these uploaded image and payload were completed succesfully then all visitors and logged users will be affected by this vulnerability.

Note: If use "Title" input for XSS Attack then payload run under home page and image page. So all visitors and logged users will be affected by this vulnerability. If use "Description" input for XSS Attack then payload run under image page so payload will be run only image page.

Sample Payload: "><script>alert(document.cookie);</script>

#  0day.today [2018-03-01]  #