Paliz Portal – Cross-Site Scripting / Multiple SQL Injections

Exploit Database
16 阅读

作者： Net.Edit0r

日期： 2011-07-02
类别：
- webapps
平台：
- asp
来源：https://www.exploit-db.com/exploits/35923/

source: https://www.securityfocus.com/bid/48559/info

Paliz Portal is prone to multiple SQL-injection vulnerabilities and a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 

http://www.example.com/Page.aspx?search=1[XSSCode]&mID=1641&Page=search/advancedsearch
http://www.example.com/News/shownews/[page].aspx?NewsId=[Sqli]
http://www.example.com/[Path]/Default.aspx?tabid=[Sqli]

last Exploits
Paliz Portal – Cross-Site Scripting / Multiple SQL Injections的更多信息

WeBid 1.0.2 – Persistent Cross-Site Scripting (via SQL Injection)：
Sickbeard 0.1 – Remote Command Injection：
Minio 2022-07-29T19-40-48Z – Path traversal：
PHP Betoffice (Betster) 1.0.4 – Authentication Bypass / SQL Injection：
Realtor Real Estate Agent – ‘news.php’ SQL Injection：
WordPress Plugin Resume Submissions & Job Postings 2.5.1 – Unrestricted Arbitrary File Upload：
KeyBase Botnet 1.5 – SQL Injection：
iMLog < 1.307 - Persistent Cross Site Scripting (XSS)：