MyShoutPro v1.2 Final Cross Site Scripting Vulnerability

vendor:

MyShoutPro

by:

indoushka

7.5

CVSS

HIGH

Cross Site Scripting

CWE

Product Name: MyShoutPro

Affected Version From: MyShoutPro v1.2 Final

Affected Version To: MyShoutPro v1.2 Final

Patch Exists: NO

Related CWE:

CPE: a:iq-ty:myshoutpro:1.2

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows SP2 Fran�ais V.(Pnx2 2.0) + Lunix Fran�ais v.(9.4 Ubuntu)

2009

MyShoutPro v1.2 Final Cross Site Scripting Vulnerability

MyShoutPro v1.2 Final is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the 'action' and 'page' parameters of the 'index.php' script. This code will be executed in the browser of the victim when the malicious URL is visited.

Mitigation:

Input validation should be used to prevent Cross Site Scripting attacks.

Source

Exploit-DB raw data:

========================================================================================                  
| # Title    : MyShoutPro v1.2 Final Cross Site Scripting Vulnerability                |
| # Author   : indoushka                                                               |
| # email    : indoushka@hotmail.com                                                   |
| # Home     : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860)       |
| # EDB-ID   :                                                                         |
| # CVE-ID   : ()                                                                      |
| # OSVDB-ID : ()                                                                      |
| # DAte     :16/12/2009                                                               |
| # Verified :                                                                         |
| # Web Site : www.iq-ty.com                                                           |
| # Published:                                                                         |
| # Script   : MyShoutPro v1.2 Final	// Created By Mak [http://zeldaforums.net]     |
| # Tested on: windows SP2 Fran&#65533;ais V.(Pnx2 2.0) + Lunix Fran&#65533;ais v.(9.4 Ubuntu)       |
| # Bug      : XSS                                                                     | 
======================      Exploit By indoushka       =================================
| # Exploit  : 
| 
| 1- http://127.0.0.1/myshoutpro/index.php?action=showarchive&page=1<img+src=http://127.0.0.1/matrix.jpg+onload=alert(213771818860)>
|
================================   Dz-Ghost Team   ========================================
Greetz : all my friend * Dos-Dz * Snakespc * His0k4 * Hussin-X * Str0ke * Saoucha * Star08 |
-------------------------------------------------------------------------------------------