
Mom Powered Media - Stored XSS Vulnerability

Author: s0w, Published: 18-04-2015
######################################################################

[+] Title: Mom Powered Media - Stored XSS Vulnerability

[+] Exploit Author: s0w

[+] Date: 17/04/2015

[+] Tested On Windows & Linux

[+] Type: Web Application

[+] Company Home Page: http://mompoweredmedia.com

[+] Vulnerability in: Search Box [ POST Method ] && Variable Infected is => ?s=

[+] Google Dork : intext:"Mom Powered Media"

#######################################################################


[+] Exploit :

1. Open the site in your browser.

2. Submit a new search containing XSS code, such as an alert, using the [POST] method ;)

3. Use this in cookies, alerts, or TrafficBots. Have fun :D !!


[+] XSS P0c: "--><script>alert(/s0w/)</script>


# Discovered By: s0w

# Contact: fb.com/s0w.egy

# Mail: [email protected]

## Thanks 4 Egyptian Shell team & Sec4ever
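
Added example, not part of the original advisory or the vendor's code: a vulnerable and a hardened rendering of a search term, with a parser-based check that shows why the PoC's `"` and `-->` prefix matters. The page template, the function names and the use of Python's `html.escape` are assumptions, since the advisory does not show the site's markup or server-side code.

```python
import html
from html.parser import HTMLParser

# PoC string from the advisory: `"` closes an attribute value, `-->` closes
# an HTML comment, and a script element follows.
POC = '"--><script>alert(/s0w/)</script>'

# Hypothetical search-results template (assumption: the real markup is not
# shown in the advisory). The term lands in three different HTML contexts.
TEMPLATE = (
    '<form method="post"><input name="s" value="{attr}"></form>\n'
    '<!-- search term: {comment} -->\n'
    '<h1>Results for {text}</h1>\n'
)

def render_vulnerable(term):
    """Echo the submitted term verbatim into every context."""
    return TEMPLATE.format(attr=term, comment=term, text=term)

def render_hardened(term):
    """Entity-encode for attribute and text; keep user input out of comments."""
    safe = html.escape(term, quote=True)  # encodes & < > " '
    return TEMPLATE.format(attr=safe, comment="[omitted]", text=safe)

class ScriptCounter(HTMLParser):
    """Counts the <script> start tags an HTML parser sees in a page."""
    def __init__(self):
        super().__init__()
        self.scripts = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1

def injected_scripts(page):
    """Return how many script elements the rendered page contains."""
    parser = ScriptCounter()
    parser.feed(page)
    parser.close()
    return parser.scripts

if __name__ == "__main__":
    print("vulnerable:", injected_scripts(render_vulnerable(POC)))
    print("hardened:  ", injected_scripts(render_hardened(POC)))
```

The same counter can be run over captured responses in a regression test to confirm that the `s` parameter is encoded in every place the template echoes it.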
