Multiplayer BlackJack Online Casino Game 2.5 – Persistent Cross-Site Scripting

Authors: L0RD                   Risk: High

CVE: NO                         0day: Persistent Cross-Site Scripting

0day-id: 0DAY-176188            Date: 2018-05-17

Description

The Multiplayer BlackJack – Online Casino Game script has a persistent cross-site scripting
vulnerability that lets an attacker store a malicious payload in the vulnerable parameter.

POC

# Exploit Title: Multiplayer BlackJack - Online Casino Game 2.5 - Persistent Cross-Site scripting
# Date: 2018-05-16
# Exploit Author: L0RD
# Vendor Homepage: https://codecanyon.net/item/multiplayer-blackjack-online-casino-game/15411706?s_rank=1628
# CVE: N/A
# Version: 2.5


1) Click on the "sit" button on the web page.
2) Put this payload into the "name" input and set a wallet number:
<script>alert(document.domain)</script>
3) You will get an alert box on the page.
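
Mitigation sketch for the "name" field, added here as an example and not taken from the product's code (the advisory does not show how the name is stored or rendered). The function names, the seat markup and the 20-character allow-list are assumptions; the block contrasts raw concatenation of the stored name with validation on input plus HTML encoding on output.

```javascript
// Added example: all names and markup below are hypothetical, not the vendor's code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Output side: encode for an HTML text node or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input side: allow-list of 1-20 letters, digits, space, underscore, dot, hyphen.
// The limit and character set are assumptions; adjust to the real requirements.
function validatePlayerName(raw) {
  if (typeof raw !== 'string') return { ok: false };
  const name = raw.normalize('NFKC').trim();
  if (!/^[\p{L}\p{N} _.-]{1,20}$/u.test(name)) return { ok: false };
  return { ok: true, name };
}

// Vulnerable pattern: the stored name is concatenated into markup as-is,
// so every player who later views the table receives it as live HTML.
function renderSeatUnsafe(player) {
  return '<div class="seat"><span class="name">' + player.name + '</span></div>';
}

// Hardened pattern: encode at the point of output, even if input was validated,
// because older rows in storage may predate the validation.
function renderSeatSafe(player) {
  return '<div class="seat"><span class="name">' + escapeHtml(player.name) + '</span></div>';
}

// Constructed sample input: the string from step 2 of the PoC above.
const POC_NAME = '<script>alert(document.domain)</script>';

function demo() {
  return {
    accepted: validatePlayerName(POC_NAME).ok,
    unsafe: renderSeatUnsafe({ name: POC_NAME }),
    safe: renderSeatSafe({ name: POC_NAME }),
  };
}

console.log(demo());
```

Where the client builds the seat list in the browser, assigning the name through `textContent` instead of `innerHTML` gives the same result as `escapeHtml` here.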
