facebook facebook twitter rss

Rss Site Builder v2.0 Multi Vulnerability

Author: indoushka , Published: 25-10-2014
Rss Site Builder v2.0 Multi Vulnerability
=========================================
Author : indoushka
Vondor : www.p30vel.ir
======================================

CRLF injection/HTTP response splitting :

This vulnerability affects /11/install.php.

Attack details
POST (multipart) input settings[2][field_value] was set to SomeCustomInjectedHeader:injected_by_test

Cross site scripting :

URI was set to "onmouseover='prompt(929925)'bad=">
The input is reflected inside a tag parameter between double quotes.

Reinstall Seting :

http://127.0.0.1/11/install.php

Like us on Facebook :