Securityvulns: SECURITYVULNS:DOC:15100
Nov 16, 2006 - 12:00 a.m.

Xtreme ASP Photo Gallery Cross Site Scripting And SQL Injection

#Aria-Security Team Advisory
#<www.Aria-security.Com For English >
#<www.Aria-Security.net For Persian >
#Original Advisory : http://aria-security.net/advisory/xtremeg.txt
#-----------------------------------------------------------
#Software: Xtreme ASP Photo Gallery
#Method : Cross Site Scripting And SQL Injection

#PoC:
#http://target/path/displaypic.asp?category=23&sortorder=9&total=10&catname=[XSS]
#http://target/path/displaypic.asp?category=23&sortorder=[SQL Injection]
#XSS is also possible when the XSS string is inserted in search.

#Contact: [email protected]
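
A log-review check for the two parameters named in the PoC lines, added here as an example and not part of the Aria-Security advisory or the product's code: it flags displaypic.asp requests whose numeric parameters are not plain integers or whose catname carries markup characters. The log line layout, the /gallery/ path, the sample lines, and the treatment of category, sortorder and total as integer-only are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: these parameters are integer-only, as in the advisory's sample URLs.
NUMERIC_PARAMS = ("category", "sortorder", "total")
# Characters that matter once catname is echoed into HTML.
MARKUP_CHARS = re.compile(r"[<>\"']")


def audit_request(url):
    """Return findings for one requested URL; an empty list means nothing unusual."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/displaypic.asp"):
        return []
    findings = []
    # parse_qsl percent-decodes values, so encoded quotes and brackets are seen.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        name = name.lower()  # classic ASP treats parameter names case-insensitively
        if name in NUMERIC_PARAMS and not re.fullmatch(r"\d{1,9}", value):
            findings.append(f"{name}: non-numeric value {value!r}")
        elif name == "catname" and MARKUP_CHARS.search(value):
            findings.append(f"catname: markup characters in {value!r}")
    return findings


def audit_log(lines):
    """Map line number -> findings. Assumed layout: '<client-ip> <path?query>'."""
    report = {}
    for lineno, line in enumerate(lines, 1):
        fields = line.split()
        if line.startswith("#") or len(fields) < 2:
            continue
        findings = audit_request(fields[1])
        if findings:
            report[lineno] = findings
    return report


# Constructed sample lines, not taken from a real log.
SAMPLE = [
    "192.0.2.10 /gallery/displaypic.asp?category=23&sortorder=9&total=10&catname=Holidays",
    "192.0.2.11 /gallery/displaypic.asp?category=23&sortorder=9%27&total=10&catname=Holidays",
    "192.0.2.12 /gallery/displaypic.asp?category=23&sortorder=9&total=10&catname=%3Cb%3EHolidays",
    "192.0.2.13 /gallery/default.asp?sortorder=abc",
]

if __name__ == "__main__":
    for lineno, findings in audit_log(SAMPLE).items():
        print(lineno, findings)
```

The same two rules (integer-only for the numeric parameters, HTML-encoding for catname on output) are what the page's input handling would need to enforce server-side; the log check only shows where requests deviated from them.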