[] NeoSense
E X P L O I T S
title author type platform port cve id

Wallpaper Script 3.5.0082 - Persistent Cross-Site Scripting

Author: null pointer
type: webapps
platform: php
port: 
date_added: 2013-12-20 
date_updated: 2013-12-20 
verified: 0 
codes: CVE-2013-7274;OSVDB-101359 
tags: 
aliases:  
screenshot_url:  
application_url: 
[~] Exploit Title : Wallpaper Script Stored XSS Vulnerability
[~] D0rk Google :
[~] Author : nullp0int3r (0x00p0int3r@gmail.com)
[~] Version : 3.5.0082
[~] Date : 2013-12-14
[~] Vendor Homepage: http://www.wallpaperscript.com/
[~] Test on : Windows


Exploitation:
1) Register and log on as a regular member
2) Click on "Add Wallpaper"
3) Write in the title field: </title><script>alert("XSS")</script>
4) Fill other fields and choose a photo and click on "Save"
5) Go to "My Wallpapers"
6) Select your uploaded photo

Thanks:
Enddo
Far3nh3it
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.