
siteGo all versions Stored XSS and Full Path Disclosure

Author: hamza killer, Published: 28-02-2014
######################################################################
# siteGo all versions Stored XSS & Full Path Disclosure #
# Author : hamza killer #
# E-mail : hlyzidi@gmail.com #
# GoogleDork: -_- !!! #
# Vendor :http://site-go.com #
# Thx TO : sec4ever & sec4all #
######################################################################
XSS:
===
index.php, in the search input
Stored XSS in
site.com/?action=contacts
How to exploit:
Just put your payload (JavaScript code or HTML) in the message (you can steal cookies).
It will be sent to the admin in the control panel,
and when he reads the message the code will be executed.
(Sorry for my very bad English.)
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Full Path Disclosure:
===================
Just use any header editor tool to delete Cookie: PHPSESSID=
Look:
http://im64.gulfup.com/sbo4l.png
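
The defensive side of both issues above, as an added example that is not part of the original advisory and is not siteGo code: contact messages and search terms are HTML-encoded at output time, and PHP warnings are logged instead of being sent to the browser. All function names, field names and sample values are hypothetical.

```php
<?php
// Added example, not siteGo code: function and field names are hypothetical.

// Full path disclosure: keep PHP warnings out of HTTP responses, log them instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// HTML-encode untrusted text at output time.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render one stored contact message for the admin inbox.
function render_message(array $msg): string
{
    return sprintf(
        "<article><h3>%s &lt;%s&gt;</h3><p>%s</p></article>",
        e($msg['name']), e($msg['email']), nl2br(e($msg['body']))
    );
}

// Echo a search term back into the search input as an attribute value.
function render_search_input(string $term): string
{
    return sprintf('<input type="search" name="q" value="%s">', e($term));
}

// Defence in depth for the admin page: no inline script, cookie hidden from script.
// Call before session_start() and before any output (array form needs PHP 7.3+).
function send_admin_headers(): void
{
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
    session_set_cookie_params(['httponly' => true, 'samesite' => 'Strict']);
}

// Constructed sample input: markup submitted through the contact form.
$stored = ['name' => 'a"b', 'email' => 'x@example.test',
           'body' => "<script>alert(1)</script>\nsecond line"];

echo render_message($stored), "\n";         // markup arrives as inert text
echo render_search_input('"><b>t</b>'), "\n"; // quote cannot close the attribute
```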
