Thursday, December 9, 2010

MWeb Online Catalog vulnerable to Cross Site Scripting

on      No comments
# Exploit Title: MWeb Online Catalog vulnerable to Cross Site Scripting
# Google Dork: intext:This is an MWeb™ Online Catalog
# Date: 09 December 2010
# Author: p0pc0rn
# Software Link: http://www.systemsplanning.com/mweb/credits.asp



XSS
====
http://site/something/mweb.exe?request=[XSS]

Screenshot:
http://img202.imageshack.us/img202/628/mweb.png



Status
======
Reported

Thanks
p0pc0rn
Share:

0 comments:

Post a Comment