Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18484
HistoryNov 22, 2007 - 12:00 a.m.

MySpace Scripts - Poll Creator JavaScript Injection Vulnerability

2007-11-2200:00:00
vulners.com
35
JSON

[HSC]MySpace Scripts - Poll Creator JavaScript Injection Vulnerability

Our MySpace Poll Creator script is the ultimate addition to your MySpace
resource
site. The script enables your user to quickly and easily create a poll that
they
can post to profile or bulletin to all their friends. Everyone loves to
create a
poll and gather opinions and this isn't something that's available on every
other
MySpace resource site.

Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz

Risk: Medium
Class: Input Validation Error

Vendor: http://www.m2scripts.com
Product: MySpace Scripts - Poll Creator

  • Attackers can exploit these issues via a web client.

Cross-Site Scripting:

http://www.victim.com/poll/index.php/XSS

Example of Advance Exploitation of the Application:

Once we have found that the application is vulnerable to JavaScript
Injection we see
that there is a form that will be our source of input to alter page source
code the Files.
Now we can advance this type of attack by injecting an evil script trough
/poll/index.php?action=create_new. Now we can inject any code into the Raw
From Box
and submit. This will leave a persistent Code on the Server side.

Example: http://www.victim.com/poll/index.php?action=create_new

Only becoming a Ethical Hacker, you can stop a Hacker. Learn with out having
to pay thousands!- http://kit.hackerscenter.com - The most comprehensive
security
pack you will ever find on the net!

JSON