Clipster Video Persistent XSS Vulnerability

vendor:

Clipster Video

by:

DaOne

8,8

CVSS

HIGH

Persistent XSS

CWE

Product Name: Clipster Video

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2012

Clipster Video Persistent XSS Vulnerability

Clipster Video Persistent XSS Vulnerability can be exploited by entering malicious XSS code in the Username field of the Register page (http://site.com/login.php?action=Register). When a user visits the page, they will be redirected to the malicious URL specified in the XSS code.

Mitigation:

Input validation should be used to prevent malicious code from being entered into the Username field.

Source

Exploit-DB raw data:

##########################################
[~] Exploit Title: Clipster Video Persistent XSS Vulnerability 
[~] Date: 04/09/2012
[~] Author: DaOne
[~] Software Link: http://www.clipsterscript.com/
[~] Google Dork: "Powered by ClipsterScript.com"
##########################################

[#] How to exploit:

1-go to : http://site.com/login.php?action=Register
2-Put in the Username field the XSS Code => Example:<META http-equiv="refresh" content="0;URL=http://www.google.com">
3-Put anything in the other field [Password & E-mail] etc...
4-Now anyone go there : http://site.com/ will redirected to google.com or exploit your XSS Code.



##########################################
[*] Contact me
www.facebook.com/LibyanCA2
##########################################