Vendor: Multiplayer BlackJack - Online Casino Game
By: L0RD
CVSS: 8.8 (HIGH)
Vulnerability: Persistent Cross-Site Scripting
CWE: 79
Product Name: Multiplayer BlackJack - Online Casino Game
Affected Version From: 2.5
Affected Version To: 2.5
Patch Exists: NO
Related CWE: N/A
CPE: a:codecanyon:multiplayer_blackjack_online_casino_game
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Web
Year: 2018

Multiplayer BlackJack – Online Casino Game 2.5 – Persistent Cross-Site scripting

The Multiplayer BlackJack - Online Casino Game script has a persistent (stored) cross-site scripting vulnerability: an attacker can store a malicious payload in the vulnerable parameter, and it is later rendered to other users without encoding. To trigger it, an attacker clicks the 'sit' button on the game page, enters a malicious payload into the 'name' input and sets a wallet number.

Mitigation:

Input validation and output encoding should be used to prevent XSS attacks: reject player names that do not match an expected character set on the way in, and HTML-encode the stored name wherever it is written into the page.
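The following is an added example, not code from the product or from the advisory, showing the two mitigations above applied to the player name of a seat. The function names, the seat markup and the sample names are assumptions made for the example.

```javascript
// Added example: validation on input plus HTML encoding on output for the
// "name" field of a blackjack seat. Function names, seat layout and sample
// inputs are assumptions, not the product's own code.

// Input validation: accept only a short display name made of letters,
// digits, spaces and a few punctuation marks. Anything else is rejected
// outright rather than "cleaned" by stripping tags.
const NAME_RE = /^[A-Za-z0-9 _.'-]{1,20}$/;

function validateName(name) {
  return typeof name === "string" && NAME_RE.test(name);
}

// Output encoding: escape the characters that are significant in an HTML
// text or quoted-attribute context, so a stored value is shown as text.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Render one seat. The name is encoded even though it is validated on the
// way in: records stored before validation existed, or written through
// another path, must not be trusted at render time.
function renderSeat(seatNo, name, wallet) {
  const w = Number.isFinite(Number(wallet)) ? Number(wallet) : 0;
  return `<div class="seat" data-seat="${Number(seatNo)}">` +
         `<span class="name">${escapeHtml(name)}</span>` +
         `<span class="wallet">${w}</span></div>`;
}

// Constructed sample data: a normal name next to the advisory's payload
// as it would look if it had already been stored.
const samples = [
  { seat: 1, name: "Alice", wallet: 500 },
  { seat: 2, name: "<script>alert(document.domain)</script>", wallet: 100 },
];

// For each sample: would validation have accepted it, and what does the
// encoded seat markup look like?
function demo() {
  return samples.map(s => ({
    accepted: validateName(s.name),
    html: renderSeat(s.seat, s.name, s.wallet),
  }));
}

console.log(JSON.stringify(demo(), null, 2));
```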

Exploit-DB raw data:

# Exploit Title: Multiplayer BlackJack - Online Casino Game 2.5 - Persistent Cross-Site scripting
# Date: 2018-05-16
# Exploit Author: L0RD
# Vendor Homepage: https://codecanyon.net/item/multiplayer-blackjack-online-casino-game/15411706?s_rank=1628
# CVE: N/A
# Version: 2.5

# Description : Multiplayer BlackJack - Online Casino Game script has a persistent cross-site scripting vulnerability
#  that lets an attacker set a malicious payload in the vulnerable parameter.

# POC :
1) Click on the "sit" button in the web page.
2) Put this payload into the "name" input and set a wallet number:
<script>alert(document.domain)</script>
3) You will get an alert box in the page.