silentum-xss.txt

2008-09-06T00:00:00
ID PACKETSTORM:69712
Type packetstorm
Reporter Maximiliano Soler
Modified 2008-09-06T00:00:00

Description

`+===============================================================+  
+ Silentum LoginSys v1.0.0 (XSS) Cross-Site Scripting +  
+===============================================================+  
  
  
Author(s): Maximiliano Soler.  
Web: www.maximilianosoler.com.ar  
  
Product: Silentum LoginSys v1.0.0  
  
Description: Silentum LoginSys is terrific if you're looking for a simple,  
easy-to-install login system for your site.  
  
Web: http://hypersilence.net (HyperSilence)  
  
Versions: 1.0.0  
  
Date: 06/09/2008  
  
  
GOOGLE DORKS:  
------------  
[+] inurl:"login.php" + intext:"Stay logged in for:" + intext:"User Name:"  
  
  
  
EXPLOIT:  
--------  
  
The "message" variable of login.php is affected. For example:  
  
http://domain/login.php?message=[XSS]  
  
  
`
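
A defender's check for the issue described above, as an added example that is not part of the original advisory: a Python scan of web-server access logs for requests to login.php whose "message" parameter decodes to HTML markup. The combined log format, the heuristic pattern and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Heuristic: markup characters and script-like patterns a plain status message should not carry.
SUSPICIOUS_RE = re.compile(r'[<>"]|javascript:|\bon\w+\s*=', re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so that %253C is seen as '<'."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_message(log_line):
    """Return the decoded 'message' value if the request looks like an XSS probe, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/login.php"):
        return None
    for raw in parse_qs(url.query, keep_blank_values=True).get("message", []):
        value = fully_decode(raw)
        if SUSPICIOUS_RE.search(value):
            return value
    return None

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Sep/2008:10:00:01 +0000] "GET /login.php?message=You+have+logged+out HTTP/1.1" 200 1450',
    '192.0.2.44 - - [06/Sep/2008:10:02:17 +0000] "GET /login.php?message=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 1502',
    '192.0.2.44 - - [06/Sep/2008:10:02:30 +0000] "GET /login.php?message=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 1490',
    '192.0.2.77 - - [06/Sep/2008:10:05:00 +0000] "GET /index.php?message=%3Cb%3E HTTP/1.1" 200 900',
]

def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    found = ((n, suspicious_message(line)) for n, line in enumerate(lines, start=1))
    return [(n, v) for n, v in found if v is not None]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious message={value!r}")
```

A hit means the parameter was probed, not that the page echoed it; confirming exposure still requires checking how login.php writes the value into its HTML.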