Trust Ur Knowledge: Interspire - Cross Site-Scripting # XSS

Sunday, 1 December 2013

Interspire - Cross Site-Scripting # XSS

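Interspire E-mail Marketer suffers from a Cross-Site Scripting vulnerability that allows an attacker to inject HTML and malicious scripts that can access any cookies, session tokens, or other sensitive information retained by your browser and used with that site.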

The vulnerable code is at: /admin/index.php
The vulnerable parameter is: "Page"

Proof of Concept:
 http://[domain]/admin/index.php?Page={XSS}&Action=Login

Google Dork:
inurl:admin/index.php?Page= intext:Interspire

Version 6 is vulnerable [tested on v 6.1.0].
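
For defenders reviewing web server logs, the following added example (not part of the original advisory and not Interspire's code) flags requests to /admin/index.php whose "Page" parameter contains anything other than a plain identifier. The allowlist pattern, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: legitimate Page values are plain identifiers.
SAFE_PAGE = re.compile(r"[A-Za-z0-9_]{1,64}")
# Request part of a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_page_value(url):
    """Return the decoded Page value if it is outside the allowlist, else None."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/admin/index.php"):
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name != "Page":
            continue
        # parse_qsl decoded once; decode again (bounded) to catch double encoding.
        for _ in range(3):
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
        if not SAFE_PAGE.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (client_ip, decoded_value) for every suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if m:
            value = suspicious_page_value(m.group(1))
            if value is not None:
                hits.append((line.split()[0], value))
    return hits

# Constructed sample log lines with harmless markup, not from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2013:10:00:00 +0000] "GET /admin/index.php?Page=Stats&Action=Login HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Dec/2013:10:00:05 +0000] "GET /admin/index.php?Page=%3Cb%3Etest%3C%2Fb%3E&Action=Login HTTP/1.1" 200 530',
    '192.0.2.45 - - [01/Dec/2013:10:00:09 +0000] "GET /admin/index.php?Page=%253Ci%253Ex&Action=Login HTTP/1.1" 200 530',
    '192.0.2.11 - - [01/Dec/2013:10:00:12 +0000] "GET /index.php?Page=%3Cb%3E HTTP/1.1" 404 120',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(ip, repr(value))
```

The same allowlist check, applied server-side before the "Page" value is used or echoed, together with HTML-encoding on output, is the corresponding mitigation.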
