facebook facebook twitter rss

AppServ 2.5.9 Cross Site Scripting

Author: sH@rk-Dz , Published: 29-05-2014
AppServ 2.5.9 Cross Site Scripting 
HOMe : http://www.appservnetwork.com
Author : sH@rk-Dz
Date: 28/05/2014
Tested on : Linux
D0rk : intitle:"AppServ Open Project" -site:www.appservnetwork.com
Vulnerable File : /index.php
Exploit : http://localhost.com/index.php?appservlang=
Demo1:http://testbank.moe.gov.eg/index.php?appservlang=(xss)
Demo2:http://www.fcea.gov.tw/index.php?appservlang=(xss)


In The Name Of Allah ^_^
The Vuln Found in the file ==> index.php
index.php at the paramter ?appservlang=
we can also inject any code of xss and send by GET in live http-Headers
and also we can iject string not only number using Charcode (in hackbar ther's small addon)

note:type of the vul is reflected :)

Greet's To : All ALG & ARB E-Hackers & Welad cha3b DZ

Like us on Facebook :