Sharecash vulnerable to Persistent Cross Site Scripting vulnerability

Security Researcher, Rafay Baloch, the founder of Rafay Hacking Articles,  has discovered a Cross Site scripting (XSS) Vulnerability in ShareCash website( ShareCash is the highest paying Pay-Per-Download network around.

The vulnerability affects the  "Manage Widget" page of ShareCash.  The XSS vulnerability found to be stored one.

Stored XSS Vulnerability

Stored XSS is critical one since the script is being stored on the server and is being executed every time user visits the affected page.

In an Email Sent to EHN, Researcher provided the screenshot of the Proof-of-concept.  From the POC, I come to know that the "Widget Name" is vulnerable to xss attack.  It seems like the developer fails to validate the input.

Rafay claimed that he sent more than 10 emails to share cash to notify them about the vulnerability, but they failed to respond.
Category: / / / / /

Share this with Your friends: