jiros.txt

jiros.txt: Posted Nov 27, 2006; Authored by benjamin moss, laurent gaffie | Site s-a-p.ca; JiRos Links Manager suffers from SQL injection and cross site scripting flaws.; tags | exploit, xss, sql injection; SHA-256 | 7abc1c64457967044771911108c0b5816a11804135f27389e84c092ecb68ceda; Download | Favorite | View

jiros.txt

vendor site:http://www.jiros.net/
product:JiRos Links Manager
bug: injection sql & xss
risk : medium 


injection sql:
/openlink.asp?LinkID='[sql]
/viewlinks.asp?CategoryID='[sql]


xss permanent (post):
in: /submitlink.asp
-Link Name:
-Link URL:
-Link Image:
-Link Description:

those xss are really dangerous , because an admin need to approuve the link 
so he gone get his cookie stealed direcly when he log into the administration panel

laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit@gmail.com

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 87 files
Gentoo 31 files
Debian 21 files
tmrswrr 10 files
Sina Kheirkhah 7 files
Rodolfo Tavares 4 files
bRpsd 4 files
Google Security Research 3 files
Jann Horn 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,350)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,266)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,658)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

jiros.txt

jiros.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

jiros.txt

Share This

jiros.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems