Vendor: Easy File Sharing Webserver
By: SickPsycko
CVSS: 8.8 (HIGH)
Type: Persistent XSS
CWE: 79
Product Name: Easy File Sharing Webserver
Affected Version From: 6.8
Affected Version To: 6.8
Patch Exists: YES
Related CWE: N/A
CPE: a:sharing-file:easy_file_sharing_webserver:6.8
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7 32bit
2014

Easy File Sharing Webserver =>6.8 Persistent XSS

Easy File Sharing Webserver version 6.8 is vulnerable to a persistent XSS attack. An attacker can inject malicious JavaScript code into the username field when registering, which will be executed when the user logs in.

Mitigation:

Upgrade to the latest version of Easy File Sharing Webserver.

Exploit-DB raw data:

Exploit Title: Easy File Sharing Webserver =>6.8 Persistent XSS
Date: 12/26/14
Exploit Author: SickPsycko
Vendor Homepage: http://www.sharing-file.com/
Version: 6.8
Tested on: Windows 7 32bit

The exploit is within the username field.
So to exploit this vulnerability, one must place the payload into the
specified field when registering.

http://i.imgur.com/bibu81C.png
Once logged in, the user will be greeted with such.