Flippy My Life Stories 2.0 XSS Vulnerability

2015-07-22T00:00:00
ID 1337DAY-ID-23917
Type zdt
Reporter Conslight
Modified 2015-07-22T00:00:00

Description

Flippy My Life Stories 2.0 is a CMS allowing to create a everyday story website.#### Usage Info 1: Go to http://website.fr/register.html 2: In "nickname" type Javascript code like <script>alert(2)</script> 3: Go to http://website.fr/userlogin.html and Log in 4: Click on "My Stories", it will lead you on the vulnerable page.

                                        
                                            _________                              .__    .__     ____   .__        __   
\_   ___ \    ____     ____     ______ |  |   |__|   / ___\  |  |__   _/  |_ 
/   \  \/   /  _ \   /    \   /  ___/ |  |    |  |  / /_/  &gt; |  |  \  \   __\
\    \____ (  &lt;_&gt; ) |   |  \  \___ \  |  |__  |  |  \___  /  |   Y  \  |  |  
 \_______/  \____/  |___|__/ /______&gt; |____/  |__|  /____/   |___|__/  |__|  
                                                                                   

Cross-Site Scripting in Flippy My Life Stories 2.0

Information 
-------------------- 

# Exploit Title: Cross-Site Scripting in Flippy My Life Stories 2.0
# Date: 22/07/2015
# Author: Conslight
# Vendor Homepage: http://www.flippyscripts.com/
# Version: 2.0
# Tested on: Debian & Windows 7
# Type : Stored XSS

Description 
-------------------- 
Stored XSS is available on register system. Anyone can put Javascript code in register panel, then the code will be activate in user information panel.

Details 
-------------------- 
Everything is explained on the video.

1: Go to http://website.fr/register.html
2: In "nickname" type Javascript code like &lt;script&gt;alert(2)&lt;/script&gt;
3: Go to http://website.fr/userlogin.html and Log in
4: Click on "My Stories", it will lead you on the vulnerable page.
	 
Vidéo 
-------------------- 
https://youtu.be/gPutq4uCXSQ

#  0day.today [2018-03-14]  #