Bilboplanet 2.0 - Multiple Cross-Site Scripting Vulnerabilities

Author: Vivek N
type: webapps
platform: php
port: 80.0
date_added: 2014-07-16 
date_updated: 2014-07-20 
verified: 1 
codes: OSVDB-98382;OSVDB-98379 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.combilboplanet-2.0.zip

# Exploit Title: Multiple XSS vulnerabilities in Bilboplanet application
# Date: 10/15/13
# Exploit Author:Vivek N
# (http://nvivek.weebly.com/)
# Vendor Homepage: http://www.bilboplanet.com/
# Software Link: www.bilboplanet.com/index.php/downloads/?lang=en
# Version: 2.0
# Tested on: Windows
# CVE :

    1. Stored  XSS Vulnerability when creating and updating tribes  in
             http://localhost/bilboplanet/user/?page=tribes
             POST Parameter: tribe_name
    2. Stored XSS vulnerability when adding tag
            http://localhost/bilboplanet/user/?page=tribes
            POST Parameter: tags
    3. Stored XSS in parameters : user_id and fullname
            http://127.0.0.1/bilboplanet/signup.php