Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2017060128

Below is a copy:

SadafBlog Script Cross Site Scripting Stored * Title : SadafBlog Script Cross Site Scripting ( Xss Stored )
* Date : 6/19/2017
* Dork : inurl:list.php intitle:  
* Author : GIST
* YouTube : https://youtu.be/a1hN9KC3wUQ
* Version : All Version
* Script Download : https://goo.gl/d7yDrt
* Vendor HomePage : - 
* Tested On : Windows 10


About Script :

Sadaf Blog SCript for blogs is beautiful and diverse capabilities 
including the ability to recruit blogs, etc.

Some Of Facilities Of Sadaf Blog Script : 
1-Allowing verification of reader comments to display
2-Assign a URL
3-The possibility of exclusive design templates or change in form, color and design blog
4-Ability to insert labels for each entry
5-Allocates 300 MB for upload in the blog admin panel
And ...


Exploit : 

1- Open Target 

2- Register A New Weblog ( Usually You Can Find It 'register' or 'register.php' )

3- Complet Fields.

4- In Field Of Title Weblog Have To Use Inspect Element To Removing restrictions Of Character

Delete This Part ' maxlength="60" '

5- Input Your Deface Page in Title WEblog Filed

6-Click Save And Go To List Of Weblogs ( Usually You Can Find It 'list' or 'list.php' )

7- You Will See Your Deface Page :)

Demo : 

http://raziblog.ir/
http://shikblog.ir/
http://7blog.ir/

Copyright ©2017 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.