TUCoPS :: HP Unsorted X :: b06-5791.htm

Xtreme ASP Photo Gallery Cross Site Scripting And SQL Injection
Xtreme ASP Photo Gallery Cross Site Scripting And SQL Injection
Xtreme ASP Photo Gallery Cross Site Scripting And SQL Injection



#Aria-Security Team Advisory
# For English > 
# For Persian > 
#Original Advisory : http://aria-security.net/advisory/xtremeg.txt 
#-----------------------------------------------------------
#Software: Xtreme ASP Photo Gallery
#Method : Cross Site Scripting And SQL Injection
#
#PoC:
#http://target/path/displaypic.asp?category=23&sortorder=9&total=10&catname=[XSS] 
#http://target/path/displaypic.asp?category=23&sortorder=[SQL Injection] 
#and also XSS method is possible while inserting XSS in search.
#
#Contact: Advisory@aria-security.net 

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2023 AOH