Saints Row suffers from a persistent cross site scripting vulnerability.
d27711aad2dbe6c2769dcc664cbd043dff170e143ebee0fa872c294fbfffc8cc########################################################
| Title : Saints Row (saintsrow.com) Persistent XSS
| Author : Codeine
| Email : f3codeine[at]yahoo[dot]com
| Date : 11/07/2011
| Cat : PHP[XSS]
| URL : http://www.saintsrow.com/
########################################################
Saintsrow.com suffers from a persistent XSS vulnerability within the profile system.
The vulnerability persists in all profile fields except first & last name.
No filter evasion needed.
1.) Sign up at www.saintsrow.com
2.) Click "MY STEELPORT"
3.) Enter XSS string into field(s).
Ex: <script>alert('Follow @codeinesec')</script>
This is a persistent vulnerability.
POC: http://www.saintsrow.com/profile/cyberhacker
_________________________________________________________________________________
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed