Menu

Search for hundreds of thousands of exploits

"RXGoogle.CGI 1.0/2.5 - Cross-Site Scripting"

Author

Exploit author

"Shaun Colley"

Platform

Exploit platform

cgi

Release date

Exploit published date

2004-02-04

Download file

1
2
3
4
5
6
7
source: https://www.securityfocus.com/bid/9575/info

The rxgoogle.cgi search script is prone to a cross-site scripting vulnerability because the software fails to sanitize user input and allows various metacharacters that may facilitate cross-site scripting attacks.

An attacker may leverage this issue to execute arbitrary code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

http://www.example.com/cgi-bin/rxgoogle.cgi?query=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-11-19 "Gemtek WVRTM-127ACN 01.01.02.141 - Authenticated Arbitrary Command Injection" webapps cgi "Gabriele Zuddas"
2020-10-29 "Mailman 1.x > 2.1.23 - Cross Site Scripting (XSS)" webapps cgi "Valerio Alessandroni"
2020-04-23 "Zen Load Balancer 3.10.1 - Directory Traversal (Metasploit)" webapps cgi "Dhiraj Mishra"
2020-04-10 "Zen Load Balancer 3.10.1 - 'index.cgi' Directory Traversal" webapps cgi "Basim Alabdullah"
2020-03-30 "Zen Load Balancer 3.10.1 - Remote Code Execution" webapps cgi "Cody Sixteen"
2020-02-11 "CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting" webapps cgi Luca.Chiou
2019-09-09 "Rifatron Intelligent Digital Security System - 'animate.cgi' Stream Disclosure" webapps cgi LiquidWorm
2019-07-12 "Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution" webapps cgi "Chris Lyne"
2019-02-18 "Master IP CAM 01 3.3.4.2103 - Remote Command Execution" webapps cgi "Raffaele Sabato"
2019-02-11 "IPFire 2.21 - Cross-Site Scripting" webapps cgi "Ozer Goker"
Release Date Title Type Platform Author
2014-09-25 "GNU Bash - Environment Variable Command Injection (Metasploit)" remote cgi "Shaun Colley"
2012-08-03 "FreeBSD - SCTP Remote NULL Ptr Dereference Denial of Service" dos freebsd "Shaun Colley"
2011-09-30 "FreeBSD - UIPC socket heap Overflow (PoC)" dos freebsd "Shaun Colley"
2009-08-06 "FreeBSD 7.2-RELEASE - SCTP Local Kernel Denial of Service" dos freebsd "Shaun Colley"
2009-07-20 "FreeBSD 7.2 - 'pecoff' Local Denial of Service" dos freebsd "Shaun Colley"
2009-07-13 "FreeBSD 6/8 - ata Device Local Denial of Service" dos freebsd "Shaun Colley"
2008-08-07 "OpenVms 8.3 Finger Service - Stack Buffer Overflow" dos multiple "Shaun Colley"
2005-05-20 "Picasm 1.10/1.12 - Error Generation Remote Buffer Overflow" remote freebsd "Shaun Colley"
2004-03-31 "CDP 0.33/0.4 - Console CD Player PrintTOC Function Buffer Overflow" dos hardware "Shaun Colley"
2004-03-01 "Motorola T720 Phone - Denial of Service" dos hardware "Shaun Colley"
2004-02-04 "RXGoogle.CGI 1.0/2.5 - Cross-Site Scripting" webapps cgi "Shaun Colley"
2003-05-14 "PalmOS 3/4 - ICMP Flood Remote Denial of Service" dos palm_os "Shaun Colley" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected