+==============================================================================+
+ Matt's Whois (mwhois.php) - ALL Versions XSS Multiple Remote Vulnerabilities +
+==============================================================================+


Author(s): Ivan Sanchez & Maximiliano Soler.

Product: MWhois (Matt's Whois Lookup)

Web: http://www.mattsscripts.co.uk/mwhois.htm

Versions: ALL Versions.

Date: 18/02/2008




GOOGLE DORKS:
------------
[+] inurl:"mwhois.php"



EXPLOIT:
--------

http://[DOMAIN].tld/mwhois.php

Variable affected: domain

POST: domain=[XSS]&ext=tld



NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!
+==============================================================================+
+ Matt's Whois (mwhois.php) - ALL Versions XSS Multiple Remote Vulnerabilities +
+==============================================================================+

-- 
     Maximiliano Soler.
  Reports & Review Code.

    Null Code Services.
    www.nullcode.com.ar

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.