0day Today Exploits Market and 0day Exploits Database

Serenity Client Management Portal Multiple Vulnerabilities

Author: Halil Dalabasmaz
Risk: Security Risk Critical
0day-ID: 0day-ID-22841
Category: web applications
Date added: 10-11-2014
Platform: php

===Unrestricted File Upload===
Log in to the system and go to the "Profile" section. The "Profile Image" section accepts any file, including a shell file.

===Stored XSS===
Log in to the system and go to the "Profile" section. XSS payloads can be run in the profile fields, especially "Address One".

Sample Payload for XSS: "><script>alert(document.cookie);</script>
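
A hardened form of the two profile handlers, as an added example that is not from the advisory or from Serenity's code base. The function names, the destination directory and the 2 MiB size limit are assumptions.

```php
<?php
declare(strict_types=1);

// Added example with hypothetical names; not Serenity's own code.

/**
 * Validate an uploaded "Profile Image" and move it into $destDir, which is
 * assumed to sit outside the web root or to be configured to never run scripts.
 * Returns the stored file name; throws on any rejected upload.
 */
function store_profile_image(array $file, string $destDir, int $maxBytes = 2097152): string
{
    // Allowlist keyed by the MIME type detected from the file's content.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    if (filesize($file['tmp_name']) > $maxBytes) {
        throw new RuntimeException('File too large');
    }
    // Type comes from the bytes, never from the client-supplied name or Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !isset($allowed[$mime])
        || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Not an allowed image type');
    }
    // Server-generated name with a fixed extension, so an uploaded "x.php" is
    // never stored under a name the web server would execute.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store file');
    }
    return $name;
}

/** Encode a stored profile field such as "Address One" for HTML output. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample: the advisory's payload, rendered as inert text in an attribute.
$stored = '"><script>alert(document.cookie);</script>';
echo '<input name="address_one" value="' . h($stored) . '">', PHP_EOL;
```

Content sniffing alone does not stop a valid image that also carries script code, which is why the fixed extension and the non-executing storage directory matter as much as the type check.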
