ID 1337DAY-ID-11947
Type zdt
Reporter Valentin Hobel
Modified 2010-04-23T00:00:00
Description
Exploit for php platform in category web applications
=================================
phpGreetCards XSS Vulnerabilities
=================================
[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
>> General Information
Advisory/Exploit Title = phpGreetCards XSS Vulnerabilities
Author = Valentin Hoebel
Contact = [email protected]
[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
>> Product information
Name = phpGreetCards
Vendor = W2B
Vendor Website = http://www.w2bpm.com/
Affected Version(s) = 3.7
[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
>> #1 Vulnerability
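Multiple cross-site scripting (XSS) possibilities on multiple parameters, e.g. when creating an ecard. In the request below, ~XSS~ marks the parameters the advisory reports as injectable (card[sender_name] and card[recip_name]); the advisory does not state whether the injected value is reflected or stored, and it names no fixed version. The usual remedy for this class of issue is to validate these fields on input and HTML-encode them wherever they are written into a page: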
index.php?mode=select&category=XX&card[image]=XX&card[sender_name]=~XSS~&card[sender_email]=XX&card[recip_name]=~XSS~&card[recip_email]=XX&card[stamp]=XX&card[bg]=%23B8C2C9&card[font_color]=%23A2ABB1&card[category]=XX&PHPSESSID=XX
[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
>> Additional Information
Advisory/Exploit Published = 22.04.2010
[:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]
>> Misc
Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase!
[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]
# 0day.today [2018-01-06] #
{"id": "1337DAY-ID-11947", "bulletinFamily": "exploit", "title": "phpGreetCards XSS Vulnerabilities", "description": "Exploit for php platform in category web applications", "published": "2010-04-23T00:00:00", "modified": "2010-04-23T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://0day.today/exploit/description/11947", "reporter": "Valentin Hobel", "references": [], "cvelist": [], "type": "zdt", "lastseen": "2018-01-06T03:00:56", "history": [{"bulletin": {"bulletinFamily": "exploit", "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Exploit for php platform in category web applications", "edition": 1, "enchantments": {"score": {"modified": "2016-04-20T02:28:12", "value": 3.7}}, "hash": "ca51ba8a33124c77953de387d660f03efec2a1299cdbd86e0c410b68105a3368", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "0495c290ab6ed2ca6740c0cd1d2df6d0", "key": "published"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "91452cb3d964dfdea338a5b9e20751c3", "key": "sourceHref"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "d73bed51292d8f484099884e3b35fdfa", "key": "href"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d4e0dc02b07581dcc5b0240027abc131", "key": "sourceData"}, {"hash": "8a1b9d67edd161eba6df1d6d4a1ba4bc", "key": "description"}, {"hash": "56b16f26d6ac388fc4fe7df3c440f32d", "key": "reporter"}, {"hash": "5551ee2648d049d388860fbc4dd12fed", "key": "title"}, {"hash": "0495c290ab6ed2ca6740c0cd1d2df6d0", "key": "modified"}], "history": [], "href": "http://0day.today/exploit/description/11947", "id": "1337DAY-ID-11947", "lastseen": "2016-04-20T02:28:12", "modified": "2010-04-23T00:00:00", "objectVersion": "1.0", "published": "2010-04-23T00:00:00", "references": [], "reporter": "Valentin Hobel", "sourceData": 
"=================================\r\nphpGreetCards XSS Vulnerabilities\r\n=================================\r\n\r\n[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]\r\n>> General Information \r\nAdvisory/Exploit Title = phpGreetCards XSS Vulnerabilities\r\nAuthor = Valentin Hoebel\r\nContact = valentin@xenuser.org\r\n\r\n \r\n[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]\r\n>> Product information\r\nName = phpGreetCards\r\nVendor = W2B\r\nVendor Website = http://www.w2bpm.com/\r\nAffected Version(s) = 3.7\r\n\r\n\r\n[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]\r\n>> #1 Vulnerability\r\nMultiple XSS possibilities on multiple parameters, e.g. when creating an ecard:\r\n\r\nindex.php?mode=select&category=XX&card[image]=XX&card[sender_name]=~XSS~&card[sender_email]=XX&card[recip_name]=~XSS~&card[recip_email]=XX&card[stamp]=XX&card[bg]=%23B8C2C9&card[font_color]=%23A2ABB1&card[category]=XX&PHPSESSID=XX\r\n\r\n\r\n[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]\r\n>> Additional Information\r\nAdvisory/Exploit Published = 22.04.2010\r\n\r\n\r\n[:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]\r\n>> Misc\r\nGreetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase!\r\n\r\n\r\n[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]\r\n\r\n\r\n\n\n# 0day.today [2016-04-20] #", "sourceHref": "http://0day.today/exploit/11947", "title": "phpGreetCards XSS Vulnerabilities", "type": "zdt", "viewCount": 0}, "differentElements": ["sourceHref", "sourceData", "href"], "edition": 1, "lastseen": "2016-04-20T02:28:12"}], "edition": 2, "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": 
"8a1b9d67edd161eba6df1d6d4a1ba4bc"}, {"key": "href", "hash": "4bd9608153991c780d752b7522b2363f"}, {"key": "modified", "hash": "0495c290ab6ed2ca6740c0cd1d2df6d0"}, {"key": "published", "hash": "0495c290ab6ed2ca6740c0cd1d2df6d0"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "56b16f26d6ac388fc4fe7df3c440f32d"}, {"key": "sourceData", "hash": "cabc8666c712e0f7a1100ecee4457a0b"}, {"key": "sourceHref", "hash": "09a378e5b524cc58dcc39ac46b623dda"}, {"key": "title", "hash": "5551ee2648d049d388860fbc4dd12fed"}, {"key": "type", "hash": "0678144464852bba10aa2eddf3783f0a"}], "hash": "d062465103cb2c99fa2f94f264c6750e01d02f6af1d1c6422662f1657a8c365d", "viewCount": 0, "enchantments": {"vulnersScore": 5.0}, "objectVersion": "1.3", "sourceHref": "https://0day.today/exploit/11947", "sourceData": "=================================\r\nphpGreetCards XSS Vulnerabilities\r\n=================================\r\n\r\n[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]\r\n>> General Information \r\nAdvisory/Exploit Title = phpGreetCards XSS Vulnerabilities\r\nAuthor = Valentin Hoebel\r\nContact = [email\u00a0protected]\r\n\r\n \r\n[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]\r\n>> Product information\r\nName = phpGreetCards\r\nVendor = W2B\r\nVendor Website = http://www.w2bpm.com/\r\nAffected Version(s) = 3.7\r\n\r\n\r\n[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]\r\n>> #1 Vulnerability\r\nMultiple XSS possibilities on multiple parameters, e.g. 
when creating an ecard:\r\n\r\nindex.php?mode=select&category=XX&card[image]=XX&card[sender_name]=~XSS~&card[sender_email]=XX&card[recip_name]=~XSS~&card[recip_email]=XX&card[stamp]=XX&card[bg]=%23B8C2C9&card[font_color]=%23A2ABB1&card[category]=XX&PHPSESSID=XX\r\n\r\n\r\n[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]\r\n>> Additional Information\r\nAdvisory/Exploit Published = 22.04.2010\r\n\r\n\r\n[:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]\r\n>> Misc\r\nGreetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase!\r\n\r\n\r\n[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]\r\n\r\n\r\n\n\n# 0day.today [2018-01-06] #"}
{"result": {}}