AWCM v2.2 final Persistent Cross Site Script Vulnerability

ID 1337DAY-ID-15378
Type zdt
Reporter _84kur10_
Modified 2011-02-15T00:00:00


Exploit for php platform in category web applications

                                            # Exploit Title: AWCM v2.2 final Persistent Cross Site Script
# Date: 13-02-2011
# Author:_84kur10_
# Software Link:
# Version: v2.2
# CVE :
# Contact: 84kur10[at]
# Greetz to: SLG all Members, D4nb4r, Navi_terrible, J3h3s, C4br4
Register a new user, go to your main panel in
http://[url]/awcm/member_cp.php, edit your avatar and put:
" onmouseover="alert(document.cookie)"><!--
Each that hovered over the area of avatar, jump our alert. we could
make some adjustments to make stealing a cookies.

# [2018-01-03]  #