Monday, 6 February 2012

LibAnalytics Springshare Cross Site Scripting

# Exploit Title: LibAnalytics Springshare Cross Site Scripting
# Date: 6.02.2012
# Author: Sony

# Software Link: http://springshare.com/libanalytics/
# Web Browser: Mozilla Firefox
# Blog: http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/02/libanalytics-springshare-cross-site.html
..................................................................

Well, we have XSS in login.php [Email].

Our XSS code:


http://codepad.org/LqL68vIQ

Demo:

https://libanalytics.com/login.php?iid=1



Also, we can see who uses LibAnalytics:

https://libanalytics.com/login.php?iid=1
https://libanalytics.com/login.php?iid=2
https://libanalytics.com/login.php?iid=3
https://libanalytics.com/login.php?iid=4
..
https://libanalytics.com/login.php?iid=100
https://libanalytics.com/login.php?iid=103
etc..
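
For defenders, the sequential `iid` walk above is visible in web server logs. The following is an added example, not part of the original post or of LibAnalytics: it flags clients that request login.php with many distinct `iid` values. The combined log format, the threshold, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumed combined-log-format prefix: ip, ident, user, [time], "METHOD target proto", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

def _line(ip, path):
    # Helper that builds one constructed log line (documentation IP ranges only).
    return f'{ip} - - [06/Feb/2012:10:00:00 +0000] "GET {path} HTTP/1.1" 200 5120'

# Constructed sample: one client walks iid values, one logs in normally,
# one hits a different page that happens to carry an iid parameter.
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.7", f"/login.php?iid={i}") for i in (1, 2, 3, 4, 5, 6, 100, 103)]
    + [_line("203.0.113.20", "/login.php?iid=1")] * 3
    + [_line("203.0.113.21", "/index.php?iid=9")]
)

def longest_run(ids):
    """Length of the longest run of consecutive integers in a sorted list."""
    best = run = 1 if ids else 0
    for prev, cur in zip(ids, ids[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best

def iid_sweepers(log_text, threshold=5):
    """Map client IP -> stats for clients that requested login.php
    with at least `threshold` distinct numeric iid values."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, target, _status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/login.php"):
            continue
        for value in parse_qs(url.query).get("iid", []):
            if value.isdigit():
                seen[ip].add(int(value))
    report = {}
    for ip, ids in seen.items():
        if len(ids) >= threshold:
            ordered = sorted(ids)
            report[ip] = {"distinct": len(ordered), "longest_run": longest_run(ordered), "iids": ordered}
    return report
```

A legitimate user normally touches one `iid` (their own institution), so a high distinct count or a long consecutive run from one client is a useful signal for alerting or rate limiting.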
