We are closing registration and public forum view to Paid & Private in 16 days! CLICK HERE to register FREE.
 
Create an account  

For users privacy, our last domains: CarderHack.com and OmertaHack.net are moved to CardingTeam.ws

Deposit & Withdraw | About Verified Sellers and Escrow | Advertise | Scam Report | Tracking Number Details | ICQ: 717039384

carding forums carding forums
carding forums carding forums
carding forums Paid adv expire in 48 days
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
 
MojoPortal 2.3.9.7 Cross Site Scripting

#1
MojoPortal version 2.3.9.7 suffers from a stored cross site scripting vulnerability.

Quote:Class Stored Cross-Site Scripting
Remote Yes
Credit Michael Savage of Dionach (vulns@dionach.com)
Vulnerable MojoPortal 2.3.9.7

MojoPortal is prone to a stored cross-site scripting vulnerability because it
does not escape the titles of forum threads when inserting into the page title
element.

An attacker may leverage this issue to run JavaScript in the context of another
user's browser.

MojoPortal 2.3.9.7 is known to be vulnerable. Other versions may also be
vulnerable.

To exploit this issue, an attacker must create a crafted post, for example:

POST /Forums/EditPost.aspx [txtSubject=+</title><script>alert("XSS!")</script>]

The vendor has released an updated version (2.3.9.8) which is believed to
resolve this issue. See the announcement at
https://www.mojoportal.com/mojoportal-2398-released
Reply
Paid adv. expire in 31 days
CLICK to buy Advertisement !

    Verified & Trusted Thread-Verified-SELLING-Carded-iPhone-X-XS-Max-Samsung-MacBook-Laptops-TV




Forum Jump: