InselPhoto 1.1 - Cross-Site Scripting

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057463 漏洞类型
发布时间 2009-02-16 更新时间 2009-02-16
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/8057
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
###########################################################
# Software: InselPhoto v1.1 Persistent XSS Vulnerability  #
# Discovered by: Paul Hand aka rAWjAW                     #
# Blog: http://rawjaw-security.blogspot.com               #
# E-mail: phand3754<at>gmail<dot>com                      #
# Shouts: rBg && eternal_security                         #
###########################################################

For this Persistent XSS to work you have to:
1. Create a user account
2. Create an album
3. Upload any picture to the photo album you created and put as the description something such as: <script>alert(document.cookie)</script>
4. Now have anyone view your slideshow!

# milw0rm.com [2009-02-16]