Back to list
Aardvark Topsite XSS vulnerability
Oct 24 2010 04:13PM
Yam Mesicka (yammesicka gmail com)
I found XSS on Aardvark Topsites PHP system.
Dork: "Powered by Aardvark Topsites" "SQL Queries"
XSS PoC: site_path/index.php?a=search&q=%22%20onmouseover%3dalert(String.fromChar
Can use POST to effect the "email", "title", "u" and "url" parameters
either on the same way.
Tested versions: 5.2.0 & 5.2.1 (might work on other versions also).
Haven't found a way to contact the admins/security department directly.
If more details are needed, please contact me.
- Yam Mesicka
[ reply ]
Copyright 2010, SecurityFocus