SocketKB versions 1.1.5 and below suffer from cross site scripting vulnerabilities.
0684c0084d3fb8aae4fe1a04af9378e18f090376164aca236928951d2b9497e6+==================================================================+
+ SocketKB <=1.1.5 (XSS) Multiple Remote Vulnerabilities +
+==================================================================+
Author(s): Ivan Sanchez & Maximiliano Soler.
Product: SocketKB.
Description: PHP Knowledge Base builder and article management system.
Web: https://www.socketkb.com/site/home/
Versions: 1.1.5 (or less)
Date: 19/10/2007
GOOGLE DORKS:
------------
[+] intext:"Powered by SocketKB version"
EXPLOIT:
--------
For example...after the variable "node" or "art_id"
https://www.[DOMAIN].tld/[PATH]/?__f=article&art_id=###[XSS]&node=###[XSS]
Note:
### -> it is number of "art_id" and "node"
NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!
+==================================================================+
+ SocketKB <=1.1.5 (XSS) Multiple Remote Vulnerabilities +
+==================================================================+
--
Maximiliano Soler.
Reports & Review Code.
Null Code Services.
www.nullcode.com.ar
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed