VidiScript version 1.0.3a suffers from persistent cross site scripting vulnerabilities.
4156b42d565a243892f374085fd5bf48#################################################################################################
# __________.__ _________ _________
# \__ ___/| |__ ____ \_ ___ \_______ ______ _ ________ \_ ___ \_______ ______ _ __
# | | | | \_/ __ \ / \ \/\_ __ \/ _ \ \/ \/ / ___/ / \ \/\_ __ \_/ __ \ \/ \/ /
# | | | Y \ ___/ \ \____| | \( <_> ) /\___ \ \ \____| | \/\ ___/\ /
# |____| |___| /\___ > \______ /|__| \____/ \/\_//____ > \______ /|__| \___ >\/\_/
# \/ \/ \/ \/ \/ \/
#
#
#http://thecrowscrew.org
##################################################################################################
# Exploit Title: VidiScript Persistent XSS Vulnerability
# Author: Gabby
# Google Dork: Powered By VidiScript 1.0.3a
# Software Link: http://www.vidiscript.com/
##################################################################################################
poc :
1. register first -> http://site.com/register.php
than go to edit ur profile on http://site.com/usermenu/profile
put ur xss script on "About Me" form
u will find ur xss on http://site.com/profile/ur_user_name
2. register first -> http://site.com/register.php
go to http://site.com/upload
give a title on title form,..
put ur xss script on "description" form.. (in this case u can put ur xss script on "description" form n "embed code" form.. }
chose the category.. upload ur fake file use .mp4 / .flv / .mp3 / .jpg / etc
n upload,.
u will find ur xss on :
http://site.com/play/category/ur_title
example :
http://www.mymediaempire.com/profile/bie
http://www.kontraktkillers.eu/profile/bie
http://arryn.be/vidiscript/profile/bie
http://www.yehtronservices.info/vidi/play/Main_Category/tes
http://www.yehtronservices.info/vidi/play/Main_Category/bie
http://restaurantsinmytown.com/video/play/Restaurant_Reviews/bie
http://uxoservices.com/videostream/play/Main_Category/bie
#################################################################################################
Thanks to :
Catalyst71, kit4r0, 777r, ovanIsmycode, walangkaji, y0g4, my "Dad", my sista Wii, cW3 G4pt3K,
Red-x, Vanda, Deb, Sultan, Meninbox, Jr Blender, n all my luvly friend,..
Greets to :
Yogyacarderlink, SurabayaBlackhat,..^^
luv to Bruno mars,. ayem_lagi_galau_tengkiu_buat_lagunya -_-
#################################################################################################
© 2015 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!