ID 1337DAY-ID-23917 Type zdt Reporter Conslight Modified 2015-07-22T00:00:00
Description
Flippy My Life Stories 2.0 is a CMS for creating an everyday story website.
Cross-Site Scripting in Flippy My Life Stories 2.0
Information
--------------------
# Exploit Title: Cross-Site Scripting in Flippy My Life Stories 2.0
# Date: 22/07/2015
# Author: Conslight
# Vendor Homepage: http://www.flippyscripts.com/
# Version: 2.0
# Tested on: Debian & Windows 7
# Type : Stored XSS
Description
--------------------
A stored XSS exists in the registration system. Anyone can enter JavaScript code in the registration panel; the code is then executed in the user information panel.
Details
--------------------
Everything is explained in the video.
1: Go to http://website.fr/register.html
2: In the "nickname" field, enter JavaScript code such as <script>alert(2)</script>
3: Go to http://website.fr/userlogin.html and log in
4: Click on "My Stories"; this leads to the vulnerable page.
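The steps above work because the nickname saved at registration is later written into the "My Stories" page without output encoding. The following is an added example, not code from Flippy or from the advisory author; the function names and the nickname policy are assumptions. It contrasts the vulnerable rendering pattern with an encoded one and adds a registration-time allow-list check.

```javascript
// Added example (not Flippy's code): why a stored nickname executes on a later
// page, and the two controls that stop it. All names here are hypothetical.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Output encoding for HTML element content and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Registration-time allow-list: letters, digits, space, dot, underscore, hyphen.
// This is defence in depth; the encoding in renderSafe() is the actual fix.
function isValidNickname(nickname) {
  return typeof nickname === "string" && /^[\p{L}\p{N} ._-]{3,32}$/u.test(nickname);
}

// Vulnerable pattern: the stored value is concatenated into markup unchanged.
function renderVulnerable(user) {
  return `<h2>Stories by ${user.nickname}</h2>`;
}

// Hardened pattern: the stored value is encoded at the point of output.
function renderSafe(user) {
  return `<h2>Stories by ${escapeHtml(user.nickname)}</h2>`;
}

// Constructed sample record using the nickname from step 2 of the advisory.
const storedUser = { nickname: "<script>alert(2)</script>" };

function demo() {
  return {
    accepted: isValidNickname(storedUser.nickname),
    vulnerable: renderVulnerable(storedUser),
    safe: renderSafe(storedUser),
  };
}

console.log(demo());
```

Encoding at output covers records that were stored before any input validation existed, which is why it is applied even when the allow-list is in place.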
Video
--------------------
https://youtu.be/gPutq4uCXSQ
# 0day.today [2018-03-14] #