MyFreePost Cross Site Scripting

2012-10-07T00:00:00
ID PACKETSTORM:117181
Type packetstorm
Reporter Ryuzaki Lawlet
Modified 2012-10-07T00:00:00

Description

                                        
`
##################################################  
# Exploit Title: myfreepost (searchbrief.php) <= XSS Vulnerability  
# Date: 07/10/2012  
# Author: Ryuzaki Lawlet  
# Web/Blog: http://justryuz.blogspot.com  
# 3Mail: ryuzaki_l@y7mail.com  
# Category: webapps  
# Google dork: fsearchbrief.php?no=  
# Tested on: Linux  
+---------------------------------------------------+  
[~]Exploit/p0c :  
  
http://localhost/my4D_searchbrief.php?no=[XSS]  
http://localhost/sgTOTO_freq.php?draws=[  
  
  
[~] Demo  
http://my.myfreepost.com/my4D_searchbrief.php?no=[xss]  
http://www.myfreepost.com/lottery/index.php/us/arizonalottery/pick3/search_brief/?no=[XSS]  
  
[~] Image  
http://1.bp.blogspot.com/-OKZTASS-9R4/UHCUi4fyDPI/AAAAAAAAApY/j2593IXcj38/s1600/xss.png  
  
  
+---------------------------------------------------+  
Greetz to : ./CyberSEC  
`