Paliz Portal – Cross-Site Scripting / Multiple SQL Injections

• Exploit Database
• 144 阅读

• 作者： Net.Edit0r
  日期： 2011-07-02
• 类别：

  • webapps
  平台：

  • asp
• 来源：https://www.exploit-db.com/exploits/35923/
• 1 2 3 4 5 6 7 8 9 10

  source: https://www.securityfocus.com/bid/48559/info   Paliz Portal is prone to multiple SQL-injection vulnerabilities and a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.   Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.   http://www.example.com/Page.aspx?search=1[XSSCode]&mID=1641&Page=search/advancedsearch http://www.example.com/News/shownews/[page].aspx?NewsId=[Sqli] http://www.example.com/[Path]/Default.aspx?tabid=[Sqli]