Tender Knowledge Base Cross Site Scripting

Posted on 03 March 2012

# Exploit Title: Tender Knowledge Base Cross Site Scripting # Date: 3.03.2012 # Author: Sony # Software Link: http://tenderapp.com/ # Web Browser : Mozilla Firefox # Blog : http://st2tea.blogspot.com # PoC: http://st2tea.blogspot.com/2012/03/tender-knowledge-base-cross-site.html .................................................................. Well, we have xss in the Tender Knowledge --> forgot_password. Demo: http://support.cloudflare.com/forgot_password http://3.bp.blogspot.com/-j7dJEjPwjhY/T1FzLD7PjvI/AAAAAAAAArk/lWTeCk3i9eA/s1600/cloudflare.JPG https://help.tenderapp.com/forgot_password http://4.bp.blogspot.com/-2YAp4-Ps-tc/T1FzR5ltHcI/AAAAAAAAArw/bNQoAEGNYMs/s1600/helptender.JPG

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

SOPlanning 1.52.00 Cross Site Scripting
SOPlanning 1.52.00 Cross Site Request Forgery
SOPlanning 1.52.00 SQL Injection
htmlLawed 1.2.5 Remote Command Execution
Online Tours And Travels Management System 1.0 SQL Injection

Last 20