DomainShopScript suffers from a persistent cross site scripting vulnerability.
78fdf5dd6314e782d9bc20e026c2a3fdb8743e92972e740f1b846d80f1543c6b %+
$.......#........4.........|)........0............\/\/ %+
%+
%+
%++++++++++++++++++++++++++++++++++++++++
# Exploit Title: DomainShopScript persistent XSS vulnerability
#Vendor: www.domainshopscript.com
# Date: 1st july,2011
# Author: $#4d0\/\/[r007k17] a.k.a Raghavendra Karthik D(
karthikaryabhat@gmail.com)
#Google Dork: © Copyright 2006 Domain Shop Script
*****************************************************************************************************************************************************************************************
BREIF DESCRIPTION
*****************************
DSS is a script based on PHP and MySQL which allows for the listing and sale
of domain names, a growing commodity on the internet and beyond. Although
DSS is meant for advanced users and resellers, it can also be used by those
who only have a few domains to sell. DSS is easy to use, completely
customizeable, and gives customers an easy and interactive interface to work
with. Features of DomainShopScript: -Complete control of all domain-related
tasks within one consolidated administrative panel. -Ability to group
domains by category. -Search ability available to users. -'Contact Us'
script built in. -Ability to receive offers, as well as accept them, reject
them, or counter them. -Ability to allow purchases for a set price. -Full
domain details available on domain information page. -Completely
customizable user interface. -Ability to store user information and utilize
a username and password.
******************************************************************************************************************************************************************************************
Persistent XSS Vulnerability
********************************
{DEMO} : target/demo/index.php
EXPLOIT: >><marquee><h1>$#4d0\/\/</h1><marquee>
Observe: A persistent cross-site scripting vulnerability in DomainShopScript
can be exploited to execute arbitrary JavaScript.
*****************************************************************************************************************************************************************************************
sp3c14l Thanks to s1d3 effects and my friends@!3.14--
**************************************************************************
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed