#Aria-Security Team Advisory #<www.Aria-security.Com For English > #<www.Aria-Security.net For Persian > #Original Advisory : #http://www.aria-security.com/forum/showthread.php?t=33 #----------------------------------------------------------- #Software: ActiveNews Manager #Method: SQL Injection And Cross Site Scripting #http://www.dotnetindex.com/activenews.asp # #PoC: #http://target/path/activeNews_categories.asp?catID=[SQL INJECTION] #http://target/path/activeNews_comments.asp?articleID=[SQL INJECTION] #http://target/path/activenews_view.asp?articleID=[SQL INJECTION] #http://target/path/default.asp?page=[SQL INJECTION] #http://target/path/activenews_search.asp?query=[XSS] # #Contact: Advisory@xxxxxxxxxxxxxxxxx
