Advertisement






Social Plus Mobile Friendly PHP Social Network v1.0.1 XSS Vulnerability

CVE Category Price Severity
N/A CWE-79 Unknown Medium
Author Risk Exploitation Type Date
Unknown Medium Remote 2019-01-03
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019010026

Below is a copy:

Social Plus Mobile Friendly PHP Social Network v1.0.1 XSS Vulnerability
====================================================================================================================================
| # Title     : Social Plus Mobile Friendly PHP Social Network v1.0.1 XSS Vulnerability                                            |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Franais V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            | 
| # Vendor    : https://m.social-plus.org/                                                                                         |  
| # Dork      : n/a                                                                                                                |
====================================================================================================================================


poc :

[+] Dorking n Google Or Other Search Enggine.

[+] use payload : <script>alert(/indoushka/);</script>

[+] go to messenger https://m.social-plus.org/message/opendialog/398 and select a friend and post your payload.

Greetings to :=========================================================================================================================
                                                                                                                                      |
jericho * Larry W. Cashdollar * brutelogic* shadow_00715* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * ViRuS_Ra3cH * yasMouh   |        
                                                                                                                                      |
=======================================================================================================================================

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.