TUCoPS :: Web :: Apps :: b06-3040.htm

MP3 Search/Archive v1.2 - XSS
MP3 Search/Archive v1.2 - XSS
MP3 Search/Archive v1.2 - XSS


MP3 Search/Archive v1.2=0D
=0D
Homepage:=0D
http://www.bloodys.com=0D 
=0D
Affected files:=0D
Search input box.=0D
index.php=0D
=0D
Data is not properally sanatized before its generated. For PoC try putting the code below in the search box:=0D
=0D
=0D 
=0D
=0D
Screenshots:=0D
http://www.youfucktard.com/xsp/mp3search.jpg=0D 
=0D
XSS vuln via res variable on index.php.=0D
=0D
PoC:=0D
">">">'>'><"">">"><"<"<"<'<'=0D">http://www.example.com/search/index.php?letter=O&p=2&res=92">">">">'>'><"">">"><"<"<"<'<'=0D 
=0D
Screenshots:=0D
http://www.youfucktard.com/xsp/mp3search2.jpg=0D 
http://www.youfucktard.com/xsp/mp3search3.jpg

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH