Dragonfly CMS 9.0.6.1 and prior XSS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Dragonfly CMS 9.0.6.1 and prior XSS

Subject: Dragonfly CMS 9.0.6.1 and prior XSS
Date: Wed, 09 Aug 2006 13:32:52 +0000
From: "HeLiOsZ RooT" <suppressed>

## HeLiOsZ - Dark End Team - Internet Security Team
## Dragonfly CMS 9.0.6.1 and prior XSS

## IRC: darkend.sytes.net #darkend , http://darkend.sytes.net &http://www.darkend.org

## Rish : Medium
## Type : web applet

## Creator: http://www.cpgnuke.com/

## Exploit:
- The vuln is in the search section,it don't validate the imput.

To exploit this vuln you simply need an Internet Browser,you must only usea cookie

 logger to get the Portal cookies.

To know if it is vulnerable: <script>alert('This is an XSSVulnerability')</script>

## Dork: Interactive software released under GNU GPL, Code Credits, PrivacyPolicy


_________________________________________________________________

Don't just search. Find. Check out the new MSN Search!http://search.msn.com/

Prev by Date: Simple one-file GuestBook 1.0
Next by Date: Security Contact
Previous by thread: Simple one-file GuestBook 1.0
Next by thread: Security Contact
Index(es):
- Date
- Thread

Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.