exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Gcon Tech Solutions 1.0 Cross Site Scripting

Gcon Tech Solutions 1.0 Cross Site Scripting
Posted May 24, 2015
Authored by Jing Wang

Gcon Tech Solutions version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 78e2c8b0a4ea364a57ad54d204934326bc489abb43255c9176bf33aad8567441

Gcon Tech Solutions 1.0 Cross Site Scripting

Change Mirror Download
*Gcon Tech Solutions v1.0 XSS (Cross-site Scripting) Web Security

Exploit Title: Gcon Tech Solutions v1.0 content.php? &id Parameter XSS
Security Vulnerabilities
Product: Gcon Tech Solutions
Vendor: Gcon Tech Solutions
Vulnerable Versions: v1.0
Tested Version: v1.0
Advisory Publication: May 23, 2015
Latest Update: May 23, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Writer and Reporter: Wang Jing [School of Physical and Mathematical
Sciences, Nanyang Technological University (NTU), Singapore] (@justqdjing)

*Recommendation Details:*

*(1) Vendor & Product Description:*

Gcon Tech Solutions

*Product & Vulnerable Versions:*
Gcon Tech Solutions

*Vendor URL & Download:*
Gcon Tech Solutions can be obtained from here,

*Google Dork:*
"Developed and maintained by Gcon Tech Solutions"

*Product Introduction Overview:*
"Over the years we have developed business domain knowledge various
business areas. We provide Development Services either on time and material
or turn-key fixed prices basis, depending on the nature of the project.
Application Development Services offered by Gcon Tech Solutions help
streamline business processes, systems and information. Gcon Tech Solutions
has a well-defined and mature application development process, which
comprises the complete System Development Life Cycle (SDLC) from defining
the technology strategy formulation to deploying, production operations and
support. We fulfill our client's requirement firstly from our existing
database of highly skilled professionals or by recruiting the finest
candidates locally. We analyze your business requirements and taking into
account any constraints and preferred development tools, prepare a fixed
price quote. This offers our customers a guaranteed price who have a single
point contact for easy administration. We adopt Rapid Application
Development technique where possible for a speedy delivery of the
Solutions. Salient Features of Gcon Tech Solutions Application Development
Services: (a) Flexible and Customizable. (b) Industry driven best
practices. (c) Knowledgebase and reusable components repository. (d) Ensure
process integration with customers at project initiation"

*(2) Vulnerability Details:*
Gcon Tech Solutions web application has a computer cyber security bug
problem. It can be exploited by XSS attacks. This may allow a remote
attacker to create a specially crafted request that would execute arbitrary
script code in a user's browser session within the trust relationship
between their browser and the server.

Several other similar products 0-day vulnerabilities have been found by
some other bug hunter researchers before. Gcon Tech Solutions has patched
some of them. The Mail Archive automatically detects when it receives mail
from a new list. Thus, you are encouraged, although certainly not required,
to send a test message to the newly archived list. If you are adding
several lists to the archive, send a separate and distinct test message to
each one. It also publishes suggestions, advisories, solutions details
related to XSS vulnerabilities and cyber intelligence recommendations.

*(2.1) *The first programming code flaw occurs at "&id" parameter in
"content.php?" page.


Jing Wang,
Division of Mathematical Sciences (MAS),
School of Physical and Mathematical Sciences (SPMS),
Nanyang Technological University (NTU),

Login or Register to add favorites

File Archive:

September 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    2 Files
  • 2
    Sep 2nd
    21 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    17 Files
  • 5
    Sep 5th
    34 Files
  • 6
    Sep 6th
    29 Files
  • 7
    Sep 7th
    11 Files
  • 8
    Sep 8th
    25 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    26 Files
  • 12
    Sep 12th
    23 Files
  • 13
    Sep 13th
    17 Files
  • 14
    Sep 14th
    22 Files
  • 15
    Sep 15th
    16 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    19 Files
  • 19
    Sep 19th
    60 Files
  • 20
    Sep 20th
    23 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By