OneOrZero Helpdesk V1.6.4.1 susceptible to SQL injection and XSS

2006.08.28

Credit: Vampire

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2006-4351 | CVE-2006-4350

CWE: CWE-89

vendor:

http://www.oneorzero.com/

vuln :

http://[host]/supporter/index.php?t=tupd&id=[SQL]

http://[host]/supporter/index.php?t=tupd&id=[XSS]

Author : Vampire

vampire_chiristof (at) yahoo (dot) com [email concealed]

Homepage : Www.HackerZ.iR

Www.H4ckerZ.Com

Iran HackerZ Security Team

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

OneOrZero Helpdesk V1.6.4.1 susceptible to SQL injection and XSS

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.