Indexu XSS Vulnerability | BOT24

Indexu XSS Vulnerability


##########################################
# Exploit Title: Indexu Cross Site Scripting Vulnerability
# Date: 2012-11-27
# Author: DaOne aka Mocking Bird
# Software Link: http://www.nicecoder.com/indexu/
# Category: webapps/php
# Google dork: intext:"Powered by Indexu 7.4"
# Version: 7.4 + maybe some old versions
# Price: $67
##########################################

>> This bug allows attackers to inject script code through the add-website request.

# How to exploit:
Go to http://site.com/add.php, put your XSS code in the [Title] field and anything in the other fields.
The administrator will then see your script code in [Pending listing] >> http://site.com/admin/link.php?act=pending

Thanks to: TheGreaTTeAm/LCA and Inj3ct0r Team.
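
The mitigation for the behaviour described above is to encode submitter-controlled fields when the pending listing is rendered. The following PHP is an added example, not Indexu source code and not the advisory author's; the function names (`h`, `render_pending_row`, `render_pending_row_unsafe`) and the `title`/`url` row fields are assumptions.

```php
<?php
// Added example: hypothetical rendering of one row of an admin
// "pending listing" page. Not Indexu code; all names are assumptions.

declare(strict_types=1);

/** Encode untrusted text for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Unsafe pattern: submitted fields are concatenated into markup as-is. */
function render_pending_row_unsafe(array $row): string
{
    return '<tr><td>' . $row['title'] . '</td><td>' . $row['url'] . '</td></tr>';
}

/** Hardened pattern: every submitter-controlled field is encoded at output. */
function render_pending_row(array $row): string
{
    // Only http/https URLs become links; anything else is shown as inert text.
    $scheme = strtolower((string) parse_url($row['url'], PHP_URL_SCHEME));
    $url    = h($row['url']);
    $link   = in_array($scheme, ['http', 'https'], true)
        ? '<a href="' . $url . '" rel="noopener noreferrer">' . $url . '</a>'
        : $url;

    return '<tr><td>' . h($row['title']) . '</td><td>' . $link . '</td></tr>';
}

// Constructed sample submission, standing in for a stored add.php request.
$row = [
    'title' => '<script>alert(document.domain)</script>',
    'url'   => 'http://example.com/',
];

// Compare the two outputs: the first passes the markup through to the
// administrator's browser, the second emits it as HTML entities.
echo render_pending_row_unsafe($row), "\n";
echo render_pending_row($row), "\n";
```

Encoding at output time matters here because the value is stored on submission and only rendered later in the administrator's session, so every page that displays the stored title needs the same treatment.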




//The information contained within this publication is
//supplied "as-is" with no warranties or guarantees of fitness
//of use or otherwise. Neither Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information.
