
Xtreme ASP Photo Gallery Cross Site Scripting And SQL Injection






#Aria-Security Team Advisory
# For English > 
# For Persian > 
#Original Advisory : http://aria-security.net/advisory/xtremeg.txt 
#-----------------------------------------------------------
#Software: Xtreme ASP Photo Gallery
#Method : Cross Site Scripting And SQL Injection
#
#PoC:
#http://target/path/displaypic.asp?category=23&sortorder=9&total=10&catname=[XSS] 
#http://target/path/displaypic.asp?category=23&sortorder=[SQL Injection] 
#XSS is also possible through the search function.
#
#Contact: Advisory@aria-security.net 
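A log-review check for the two parameters named in the PoC, as an added example that is not part of the original advisory or of the product's code. It assumes that category, sortorder and total are meant to be plain integers (as in the PoC URLs) and that a category name never needs markup characters; the sample request lines are constructed.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumption: these parameters only ever carry integers (the PoC shows 23, 9, 10).
NUMERIC_PARAMS = {"category", "sortorder", "total"}
# Assumption: a legitimate category name never contains these characters.
MARKUP_CHARS = set("<>\"'")

# Constructed sample requests (URL-encoded, as they would appear in a web log).
SAMPLE_REQUESTS = [
    "/gallery/displaypic.asp?category=23&sortorder=9&total=10&catname=Holidays",
    "/gallery/displaypic.asp?category=23&SortOrder=9%27",
    "/gallery/displaypic.asp?category=23&sortorder=9&total=10&catname=%3Cb%3Ex%3C%2Fb%3E",
]


def audit_request(url):
    """Return a list of findings for one request URL (empty list = clean)."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("displaypic.asp"):
        return []
    findings = []
    # parse_qsl percent-decodes values, so encoded input is checked as the
    # application would see it. ASP parameter names are case-insensitive.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        name = name.lower()
        if name in NUMERIC_PARAMS:
            # isascii() guards against Unicode digits that isdigit() accepts.
            if not (value.isascii() and value.isdigit()):
                findings.append(f"{name}: non-numeric value")
        elif name == "catname":
            if MARKUP_CHARS & set(value):
                findings.append("catname: markup characters")
    return findings


if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(request, "->", audit_request(request) or "ok")
```

The same two rules (integer-only for the numeric parameters, HTML-encode or reject markup in catname) are what the application itself should enforce before building its query or rendering the page.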
