Bugtraq mailing list archives

Dragonfly CMS 9.0.6.1 and prior XSS

From: "HeLiOsZ RooT" <heliosz_time () hotmail com>
Date: Wed, 09 Aug 2006 13:32:52 +0000

## HeLiOsZ - Dark End Team - Internet Security Team
## Dragonfly CMS 9.0.6.1 and prior XSS

## IRC: darkend.sytes.net #darkend , http://darkend.sytes.net &http://www.darkend.org

## Rish : Medium
## Type : web applet

## Creator: http://www.cpgnuke.com/

## Exploit:
- The vuln is in the search section,it don't validate the imput.

To exploit this vuln you simply need an Internet Browser,you must only usea cookie

 logger to get the Portal cookies.

To know if it is vulnerable: <script>alert('This is an XSSVulnerability')</script>

## Dork: Interactive software released under GNU GPL, Code Credits, PrivacyPolicy


_________________________________________________________________

Don't just search. Find. Check out the new MSN Search!http://search.msn.com/

Current thread:

Dragonfly CMS 9.0.6.1 and prior XSS HeLiOsZ RooT (Aug 10)