Home / exploitsPDF  

jiros.txt

Posted on 27 November 2006

vendor site:http://www.jiros.net/ product:JiRos Links Manager bug: injection sql & xss risk : medium injection sql: /openlink.asp?LinkID='[sql] /viewlinks.asp?CategoryID='[sql] xss permanent (post): in: /submitlink.asp -Link Name: -Link URL: -Link Image: -Link Description: those xss are really dangerous , because an admin need to approuve the link so he gone get his cookie stealed direcly when he log into the administration panel laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: saps.audit@gmail.com

 

TOP