damianov.net 1.0 Shoutbox XSS Vulnerability
# Date: 13.05.2010
# Author: Valentin
# Category: webapps/0day
# Version: 1.0
# Tested on: Debian, Apache2, PHP5
# CVE :
# Code :
[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
>> General Information
Advisory/Exploit Title = damianov.net Shoutbox XSS Vulnerability
Author = Valentin Hoebel
Contact = valentin@xenuser.org
[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
>> Product information
Name = damianov.net Shoutbox
Vendor = damianov.net
Vendor Website = http://www.damianov.net/
Affected Version(s) = 1.0
[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
>> #1 Vulnerability
Type = XSS
Injecting arbitrary HTML and JavaScript code is possible while adding a new
shout, regardless of whether HTML is allowed in shoutsettings.php.
#1 Example:
#2 Example:
#3 Example:
#4 Example:
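
An added example of the output-side fix for the issue described above; it is not taken from the advisory or from the vendor's code. Every shout is encoded on output whatever the HTML setting says, and when HTML is allowed only attribute-less allowlisted tags are re-enabled. The names render_shout, $allowHtml (standing in for the setting in shoutsettings.php) and ALLOWED_TAGS are assumptions, and the sample shouts are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: simple formatting tags, never with attributes.
const ALLOWED_TAGS = ['b', 'i', 'u', 'em', 'strong'];

/**
 * Encode one shout for insertion into HTML element content.
 * $allowHtml is an assumed stand-in for the shoutbox's "HTML allowed" setting.
 */
function render_shout(string $author, string $message, bool $allowHtml): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;

    // Step 1: encode everything, independent of the setting.
    $safeAuthor  = htmlspecialchars($author, $flags, 'UTF-8');
    $safeMessage = htmlspecialchars($message, $flags, 'UTF-8');

    if ($allowHtml) {
        // Step 2: turn back only exact "<tag>" / "</tag>" forms from the
        // allowlist. A tag carrying attributes does not match the pattern
        // and therefore stays encoded as inert text.
        $pattern = '~&lt;(/?)(' . implode('|', ALLOWED_TAGS) . ')&gt;~i';
        $safeMessage = preg_replace($pattern, '<$1$2>', $safeMessage) ?? '';
    }

    return '<li><span class="author">' . $safeAuthor . '</span>: '
        . $safeMessage . '</li>';
}

// Constructed sample shouts (not the advisory's examples).
$samples = [
    'plain <b>bold</b> text',
    '<b onmouseover="x()">tag with an attribute</b>',
    '<script>x()</script>',
];

foreach ([false, true] as $allowHtml) {
    echo 'HTML allowed: ', $allowHtml ? 'yes' : 'no', PHP_EOL;
    foreach ($samples as $sample) {
        echo render_shout('guest', $sample, $allowHtml), PHP_EOL;
    }
}
```

Encoding at render time also neutralizes shouts that were stored before the fix, which input-side filtering alone would not.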
- May 18, 2010