Saturday, November 20, 2010

isCollection search form Designed by dubuweb XSS vulnerability

# Exploit Title: isCollection search form Designed by dubuweb XSS vulnerability
# http://www.dubuweb.com
# dork : intext:Designed by dubuweb
# Date: 20/11/2010
# Author: p0pc0rn
# Risk level: Medium
# Vulnerability Details:
An attacker can execute arbitrary JavaScript code in a user's browser, within the context of the vulnerable application, through the k parameter of the search form.

XSS
===
http://site.com/search/search.php?isCollection=webpage&k=[xss]

POC
===
http://www.greeninc.co.kr/search/search.php?isCollection=webpage&k=[xss]

Screenshot
==========

http://img600.imageshack.us/img600/4213/dubuweb.png



p0pc0rn

P.S.: there are more vulnerabilities in this CMS