=========================================================
| # Title : Rss Site Builder v2.0 Multiple Vulnerabilities
| # Author : indoushka
| # Vendor : www.p30vel.ir
=========================================================
CRLF injection/HTTP response splitting :
This vulnerability affects /11/install.php.
Attack details
POST (multipart) input settings[2][field_value] was set to SomeCustomInjectedHeader:injected_by_test
Cross site scripting :
URI was set to "onmouseover='prompt(929925)'bad=">
The input is reflected inside a tag parameter between double quotes.
Reinstall Setting :
http://127.0.0.1/11/install.php
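
Hardening sketch for the CRLF injection and cross site scripting findings above. This is an added example, not Rss Site Builder code. It assumes the installer copies a posted settings value into a response header and echoes the request URI into a double-quoted HTML attribute; the function names, the X-Setting header and the sample inputs are hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Return $value if it is safe to place on a single header line, else null.
 * Control bytes are refused rather than stripped, so an attempted split
 * is visible in the error log instead of being silently repaired.
 */
function header_value_or_null(string $value): ?string
{
    // \x00-\x1F includes CR (\x0D) and LF (\x0A); \x7F is DEL.
    if (preg_match('/[\x00-\x1F\x7F]/', $value) === 1) {
        return null;
    }
    return $value;
}

/** Encode text for output inside a quoted HTML attribute value. */
function attr(string $value): string
{
    // ENT_QUOTES encodes both " and ', so the value cannot close the
    // attribute and start a new one such as an event handler.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs modelled on the two findings above.
$postedSetting = "value\r\nSomeCustomInjectedHeader:injected_by_test";
$requestUri    = "/11/install.php/\"onmouseover='prompt(929925)'bad=\"";

$safe = header_value_or_null($postedSetting);
if ($safe === null) {
    // Refuse the request and leave a trace for whoever reviews the logs.
    error_log('install.php: control character in header value, refused');
    http_response_code(400);
} else {
    header('X-Setting: ' . $safe); // hypothetical header name
}

// The URI is emitted as inert text inside the double-quoted attribute.
echo '<form action="' . attr($requestUri) . '" method="post"></form>', PHP_EOL;
```

For the reinstall finding, the usual fix is to delete install.php or block access to it once setup has completed.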
Greetz :
jericho * Larry W. Cashdollar * 9aylas * djroot.dz * Gjoko 'LiquidWorm' Krstic
=========================================================