Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Gcon Tech Solutions 1.0 Cross Site Scripting

🗓️ 24 May 2015 00:00:00Reported by Jing WangType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 42 Views

Gcon Tech Solutions v1.0 Cross-Site Scripting Vulnerabilit

Code
`*Gcon Tech Solutions v1.0 XSS (Cross-site Scripting) Web Security  
Vulnerabilities*  
  
  
Exploit Title: Gcon Tech Solutions v1.0 content.php? &id Parameter XSS  
Security Vulnerabilities  
Product: Gcon Tech Solutions  
Vendor: Gcon Tech Solutions  
Vulnerable Versions: v1.0  
Tested Version: v1.0  
Advisory Publication: May 23, 2015  
Latest Update: May 23, 2015  
Vulnerability Type: Cross-Site Scripting [CWE-79]  
CVE Reference: *  
Impact CVSS Severity (version 2.0):  
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)  
Impact Subscore: 2.9  
Exploitability Subscore: 8.6  
Writer and Reporter: Wang Jing [School of Physical and Mathematical  
Sciences, Nanyang Technological University (NTU), Singapore] (@justqdjing)  
  
  
  
  
*Recommendation Details:*  
  
  
*(1) Vendor & Product Description:*  
  
  
*Vendor:*  
Gcon Tech Solutions  
  
  
  
*Product & Vulnerable Versions:*  
Gcon Tech Solutions  
v1.0  
  
  
  
*Vendor URL & Download:*  
Gcon Tech Solutions can be obtained from here,  
http://www.gconts.com/Development.htm  
  
  
  
*Google Dork:*  
"Developed and maintained by Gcon Tech Solutions"  
  
  
  
*Product Introduction Overview:*  
"Over the years we have developed business domain knowledge various  
business areas. We provide Development Services either on time and material  
or turn-key fixed prices basis, depending on the nature of the project.  
Application Development Services offered by Gcon Tech Solutions help  
streamline business processes, systems and information. Gcon Tech Solutions  
has a well-defined and mature application development process, which  
comprises the complete System Development Life Cycle (SDLC) from defining  
the technology strategy formulation to deploying, production operations and  
support. We fulfill our client's requirement firstly from our existing  
database of highly skilled professionals or by recruiting the finest  
candidates locally. We analyze your business requirements and taking into  
account any constraints and preferred development tools, prepare a fixed  
price quote. This offers our customers a guaranteed price who have a single  
point contact for easy administration. We adopt Rapid Application  
Development technique where possible for a speedy delivery of the  
Solutions. Salient Features of Gcon Tech Solutions Application Development  
Services: (a) Flexible and Customizable. (b) Industry driven best  
practices. (c) Knowledgebase and reusable components repository. (d) Ensure  
process integration with customers at project initiation"  
  
  
  
  
*(2) Vulnerability Details:*  
Gcon Tech Solutions web application has a computer cyber security bug  
problem. It can be exploited by XSS attacks. This may allow a remote  
attacker to create a specially crafted request that would execute arbitrary  
script code in a user's browser session within the trust relationship  
between their browser and the server.  
  
Several other similar products 0-day vulnerabilities have been found by  
some other bug hunter researchers before. Gcon Tech Solutions has patched  
some of them. The Mail Archive automatically detects when it receives mail  
from a new list. Thus, you are encouraged, although certainly not required,  
to send a test message to the newly archived list. If you are adding  
several lists to the archive, send a separate and distinct test message to  
each one. It also publishes suggestions, advisories, solutions details  
related to XSS vulnerabilities and cyber intelligence recommendations.  
  
  
*(2.1) *The first programming code flaw occurs at "&id" parameter in  
"content.php?" page.  
  
  
  
  
  
  
  
  
*References:*  
http://www.tetraph.com/security/xss-vulnerability/gcon-tech-solutions-v1-0-xss/  
http://securityrelated.blogspot.com/2015/05/gcon-tech-solutions-v10-xss-cross-site.html  
http://www.inzeed.com/kaleidoscope/computer-web-security/gcon-tech-solutions-v1-0-xss/  
https://webtechwire.wordpress.com/2015/05/23/gcon-tech-solutions-v1-0-xss/  
http://whitehatpost.blog.163.com/blog/static/24223205420154245138791/  
https://www.mail-archive.com/fulldisclosure%40seclists.org/msg02028.html  
http://seclists.org/fulldisclosure/2015/May/34  
https://www.bugscan.net/#!/x/21839  
http://lists.openwall.net/full-disclosure/2015/04/05/8  
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1957  
  
  
  
  
  
--  
Jing Wang,  
Division of Mathematical Sciences (MAS),  
School of Physical and Mathematical Sciences (SPMS),  
Nanyang Technological University (NTU),  
Singapore.  
http://www.tetraph.com/wangjing/  
https://twitter.com/justqdjing  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
24 May 2015 00:00Current
7.4High risk
Vulners AI Score7.4
gcon tech solutionscross-site scriptingvulnerabilitysecurityxsscontent.phpadvisorycwe-79cveexploitweb application
42