Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Cubro Classified Script Persistent/Reflected XSS Vulnerability

🗓️ 17 Aug 2010 00:00:00Reported by Sid3^effectsType 
zdt
 zdt🔗 0day.today👁 23 Views

Cubro Classified Script Persistent/Reflected XSS Vulnerability allows cross site scripting attacks, including both persistent and non-persistent vulnerabilities in demo site URL

Code
==============================================================
Cubro Classified Script Persistent/Reflected XSS Vulnerability
==============================================================


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1               ##########################################             1
0               I'm Sid3^effects member from Inj3ct0r Team             1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Name : Cubro Classified Script Persistent/Reflected XSS Vulnerability
Date : August, 17 2010
Vendor Url :  http://www.classifieds.cubrosoft.com/
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
Big hugs : Th3 RDX
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_,Sn!pEr.S!Te,n4pst3rr
greetz to :www.topsecure.net ,trent Dillman,*iNF3c73D_c0D3r*,All ICW members and my friends :) luv y0 guyz
#######################################################################################################
Cubro Classified Script allows your customers to place their classified ads on your site, free or paid classified ads to be

choose from your admin setting. Included with banner ads function which allow you to place banner ads for your advertiser.

Cubro Classifieds is very easy to install
and configure even for just beginners. No need to be programmer or professional to run or manage the software on your server,

all you need is the general internet stuff, like how to use any ftp program to transfer files, how to change files

permissions, very little html to customize the templates or links to your look and feel. Users has a very advanced search

tools besides the simple and fast search box that shows up on all the pages.
#######################################################################################################
The  flaw allows cross site scripting attack. This flaw exists because it doesn't validate
the inputs which are passed.

Xploit: Persistent XSS Vulnerability

Step 1 : Register
Step 2 : goto the option " POST AD
demo url:http://www.classifieds.cubrosoft.com/demo/postad.php?postadret
Step 3 : Insert your xss scripts  in the field and save it
Step 4 : now check your ad :)
###############################################################################################################
Xploit: Non-Persistent XSS Vulnerability

http://www.classifieds.cubrosoft.com/demo/banner_transaction.php?itemno=[Xss]

Screenshot : http://img52.imageshack.us/img52/6519/cub.png (Persistent XSS)
             http://img691.imageshack.us/img691/9550/refe.png (Reflected XSS)
###############################################################################################################
# 0day no more
# Sid3^effects 



#  0day.today [2018-03-20]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Aug 2010 00:00Current
7.1High risk
Vulners AI Score7.1
cubroclassified scriptxssvulnerabilitycross site scriptingpersistentreflecteddemo sitenon-persistent
23