Easy File Sharing Web Server 6.8 - Persistent Cross-Site Scripting

EDB-ID:

35626


Platform:

PHP

Published:

2014-12-27

Exploit Title: Easy File Sharing Webserver =>6.8 Persistent XSS
Date: 12/26/14
Exploit Author: SickPsycko
Vendor Homepage: http://www.sharing-file.com/
Version:6.8
Tested on: Windows 7 32bit

The exploit is within the username field.
So to exploit this vulnerability, One must place the payload into the
specified field when registering.

http://i.imgur.com/bibu81C.png
Once logged in. User will be greeted with such.