[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : InselPhoto 1.1 Persistent XSS Vulnerability
# Published : 2009-02-16
# Author : rAWjAW
# Previous Title : pHNews Alpha 1 (genbackup.php) Database Disclosure Vulnerability
# Next Title : Falt4 CMS RC4 (fckeditor) Arbitrary File Upload Exploit
###########################################################
# Software: InselPhoto v1.1 Persistent XSS Vulnerability #
# Discovered by: Paul Hand aka rAWjAW #
# Blog: http://rawjaw-security.blogspot.com #
# E-mail: phand3754<at>gmail<dot>com #
# Shouts: rBg && eternal_security #
###########################################################
For this Persistent XSS to work you have to:
1. Create a user account
2. Create an album
3. Upload any picture to the photo album you created and put as the description something such as: <script>alert(document.cookie)</script>
4. Now have anyone view your slideshow!
# www.Syue.com [2009-02-16]