VLDPersonals Cross-Site Scripting XSS


# Exploit Title: VLD Personals – Cross Site Scripting (Reflective) with admin authentication.
# Notified VLD Personals Date: 02/FEB/2015

# Exploit Author: Mr T
# Exploit Authors Website: http://www.securitypentester.ninja
# Vendor Homepage: http://www.vldpersonals.com/
# Software Link: http://www.vldpersonals.com/clients/downloads.php
# Vulnerable Version: 2.7.1
# Fixed Version: 2.7.2
# Tested on: Windows / Linux

XSS in "what" Parameter



VLDPersonal Bug Bounty


# Exploit Title: VLD Personals – Multiple Vulnerabilities
# Date: 09/11/2014
# Exploit Author: Talib Osmani
# Exploit Authors Website: http://www.securitypentester.ninja
# Vendor Homepage: http://www.vldpersonals.com/
# Software Link: http://www.vldpersonals.com/clients/downloads.php
# Version: 2.7
# CVE: CVE-2014-9004
# Exploit-db: http://www.exploit-db.com/exploits/35193/
# Fixed Version: 2.7.1
# Tested on: Windows / Linux
