# Exploit Title: Paliz Portal [Sql-XSS] Multiple Vulnerabilities # Date: 2011.07.02 # Author: Net.Edit0r # Version : All versian # Tested on: Windows server 2003 # CVE : - ----------------------------------------------------------------------------------------- Paliz Portal [Sql-XSS] Multiple Vulnerabilities ----------------------------------------------------------------------------------------- Author : Net.Edit0r # Date: 2011.07.02 Location : Iran Web : http://Black-Hg.Org & http://mn-team.net/ Critical Lvl : Medium Where : From Remote My Group : Black Hat Group #BHG --------------------------------------------------------------------------- Vulnerability: ~~~~~~~~~~~~ ./ >>> Page.aspx?search=1[XSS Code]&mID=1641&Page=search/advancedsearch [XSS] ./ >>> News/shownews/[page].aspx?NewsId=[Sqli] 1:[Sql Access ] ./ >>> Default.aspx?tabid=[Sqli] 2:[Sql Access ] PoC/Exploit: ~~~~~~~~~~ ~ [PoC] ~: Http://target.com/Page.aspx?search=1[XSS Code]&mID=1641&Page=search/advancedsearch ~ [PoC] ~: Http://target.com/News/shownews/[page].aspx?NewsId=[Sqli] ~ [PoC] ~: Http://target.com/[Path]/Default.aspx?tabid=[Sqli] Dork: ~~~~~ Google : intext:"Paliz Portal" Timeline: ~~~~~~~~~ - 11 - 05 - 2011 bug found. - 29 - 06 - 2011 vendor contacted, but no response. - 2 - 07 - 2011 Advisories release. Contact: ~~~~~~~~~ Net.Edit0r@att.net ~ Black.hat.tm@gmail.com --------------------------------------------------------------------------- Greetz To :DarkCoder | 3H34N | Amir-MaGiC | H3x | D3adlY and all bhg member Spical Th4nks: B3hz4d | Cru3l.b0y | M4Hd1 | HUrr!c4nE | Mikili And All My Friendz Web Greetz :http://Black-Hg.Org & http://mn-team.net/ & http://pentesters.ir/ [!] Persian Gulf 4 Ever [!] I Love Iran And All Iranian People -------------------------------- [ EOF ] ----------------------------------