efendy-xss.txt

2007-07-02T00:00:00
ID PACKETSTORM:57417
Type packetstorm
Reporter GeFORC3
Modified 2007-07-02T00:00:00

Description

                                        
                                            `i found a bug on Efendy Blog v1.0 (tr) XSS Vulnerability.  
i want to publish it on your site.  
  
  
Efendy Blog v1.0 (tr) XSS Vulnerability  
  
#Software: Efendy Blog v1.0 (tr)  
#download: http://www.aspindir.com/goster/4989  
#demo: http://www.webixir.com/  
#Found By: GeFORC3 ( G3 )  
  
  
#Example & Exploit :  
  
You write xss code in Efendy Blog v1.0 script's search (ara)  
  
exp: "><script>alert("G3");</script>  
  
Press to "ara"(search) button.  
  
This xss works on Efendy Blog v1.0 script's main page  
-----------------------------------------------------  
The POST variable "ara" has been set to "><script>alert("G3");</script>  
(example xss code)  
-----------------------------------------------------  
  
WwW.GeFORC3.Org | WwW.HeykirBlog.Com | WwW.NetKaBus.Com  
`