Lucene search
K

Subrion Auto Classifieds Cross Site Scripting

🗓️ 18 Jul 2010 00:00:00Reported by Sid3 effectsType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 32 Views

Subrion Auto Classifieds Persistent Xss Vulnerability on autos.site.co

Code
`Name :Subrion Auto Classifieds Persistent Xss Vulnerability  
Date : july 17,2010  
Critical Level : HIGH  
vendor URL :http://www.subrion.com/product/autos.html  
google dork:© 2010 Powered by Subrion CMS  
Author : Sid3^effects aKa HaRi  
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_,SeeMe,RoadKiller  
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz  
#######################################################################################################  
Description:  
Subrion Auto Classifieds is a powerful, highly customizable classifieds script for auto sales sites. It is written in PHP with MySQL. Due to its easy manageable administrator Web interface and its great amount of features it is an excellent choice if you need a cars classifieds portal or an auto auction site.  
#######################################################################################################  
Xploit:Persistent Xss Vulnerability  
  
Step 1 : Register  
  
Step 2 : Submit your auto.  
  
DEMO URL :http://autos.site.com/autos/submit.php  
  
Step 3 : The attacker can insert their xss scripts in the options.  
  
Attack Pattern :">><marquee><h1>XSS3d By Sid3^effects</h1><marquee>  
  
Step 4 : Now check your automobile :)  
  
DEMO URL :http://autos.site.com/autos/account-autos.html  
  
My demo :http://autos.site.com/autos/Acura/MDX/Acura-MDX-marquee-h1-XSS3d-By-Sid3-effects-h1-marqu-a6.html  
#######################################################################################################  
# 0day no more  
# Sid3^effects  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation