0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

Cubro Classified Script Persistent/Reflected XSS Vulnerability

Author

Sid3^effects

Risk

[

Security Risk Unsored

]

0day-ID

Category

Date add

Platform

==============================================================
Cubro Classified Script Persistent/Reflected XSS Vulnerability
==============================================================


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1               ##########################################             1
0               I'm Sid3^effects member from Inj3ct0r Team             1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Name : Cubro Classified Script Persistent/Reflected XSS Vulnerability
Date : August, 17 2010
Vendor Url :  http://www.classifieds.cubrosoft.com/
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
Big hugs : Th3 RDX
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_,Sn!pEr.S!Te,n4pst3rr
greetz to :www.topsecure.net ,trent Dillman,*iNF3c73D_c0D3r*,All ICW members and my friends :) luv y0 guyz
#######################################################################################################
Cubro Classified Script allows your customers to place their classified ads on your site, free or paid classified ads to be

choose from your admin setting. Included with banner ads function which allow you to place banner ads for your advertiser.

Cubro Classifieds is very easy to install
and configure even for just beginners. No need to be programmer or professional to run or manage the software on your server,

all you need is the general internet stuff, like how to use any ftp program to transfer files, how to change files

permissions, very little html to customize the templates or links to your look and feel. Users has a very advanced search

tools besides the simple and fast search box that shows up on all the pages.
#######################################################################################################
The  flaw allows cross site scripting attack. This flaw exists because it doesn't validate
the inputs which are passed.

Xploit: Persistent XSS Vulnerability

Step 1 : Register
Step 2 : goto the option " POST AD
demo url:http://www.classifieds.cubrosoft.com/demo/postad.php?postadret
Step 3 : Insert your xss scripts  in the field and save it
Step 4 : now check your ad :)
###############################################################################################################
Xploit: Non-Persistent XSS Vulnerability

http://www.classifieds.cubrosoft.com/demo/banner_transaction.php?itemno=[Xss]

Screenshot : http://img52.imageshack.us/img52/6519/cub.png (Persistent XSS)
             http://img691.imageshack.us/img691/9550/refe.png (Reflected XSS)
###############################################################################################################
# 0day no more
# Sid3^effects 



#  0day.today [2024-11-14]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

Cubro Classified Script Persistent/Reflected XSS Vulnerability

Report Error

Report Error