Portal Web Services CRLF Injection / XSS

2013-03-31T00:00:00
ID PACKETSTORM:121027
Type packetstorm
Reporter Ashiyane Digital Security Team
Modified 2013-03-31T00:00:00

Description

                                        
                                            `[+] Exploit Title: Portal Web Services Cms CRLF injection + Cross Site Scripting Vulnerability #  
#  
[+] Exploit Author: Ashiyane Digital Security Team #  
#  
[+] Home : www.Ashiyane.org #  
#  
[+] Vendor Homepage: www.portalwebservices.com #  
#  
[+] Tested on: Windows 7 #  
#  
[+] Dork: intext:"Powered By : Portal Web Services" #  
#  
#######  
=================================  
+ [Cross Site Scripting]  
  
#Location:site/contact.php #  
#  
#  
#Demo:http://www.qmsqatar.com/contact.php[XSS] #  
#Demo:http://www.alhammadigroup.net/contact.php[XSS] #  
=================================  
=================================  
+ [CRLF injection/HTTP response splitting]  
  
#Location:site/download_file.php #  
#  
#  
#DEm0:http://www.qmsqatar.com/download_file.php #  
#Demo:http://www.alhammadigroup.net/download_file.php #  
  
#######  
======================================  
* Greetz to: My Lord Allah  
* Sp Tnx To:  
Behrooz_Ice,Q7X,Ali_Eagle,Azazel,iman_taktaz,sha2ow,am118,PrinceofHacking,Alireza66,Amirh03in and all  
Ashiyane Security [ Researcher Team AND Deface Team ]  
  
* The Last One : My Self, tr0janman  
********  
#######  
  
`