jiros.txt

jiros.txt: Posted Nov 27, 2006; Authored by benjamin moss, laurent gaffie | Site s-a-p.ca; JiRos Links Manager suffers from SQL injection and cross site scripting flaws.; tags | exploit, xss, sql injection; SHA-256 | 7abc1c64457967044771911108c0b5816a11804135f27389e84c092ecb68ceda; Download | Favorite | View

jiros.txt

vendor site:http://www.jiros.net/
product:JiRos Links Manager
bug: injection sql & xss
risk : medium 


injection sql:
/openlink.asp?LinkID='[sql]
/viewlinks.asp?CategoryID='[sql]


xss permanent (post):
in: /submitlink.asp
-Link Name:
-Link URL:
-Link Image:
-Link Description:

those xss are really dangerous , because an admin need to approuve the link 
so he gone get his cookie stealed direcly when he log into the administration panel

laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit@gmail.com

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 59 files
Debian 30 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,298)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,550)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,453)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

jiros.txt

jiros.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

jiros.txt

Share This

jiros.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems