Bugtraq mailing list archives
JiRos Links Manager[injection sql & xss permanent]
From: saps.audit () gmail com
Date: 21 Nov 2006 20:12:50 -0000
vendor site: http://www.jiros.net/
product: JiRos Links Manager
bug: SQL injection & XSS
risk: medium

SQL injection:
/openlink.asp?LinkID='[sql]
/viewlinks.asp?CategoryID='[sql]

Permanent XSS (POST):
in: /submitlink.asp
-Link Name:
-Link URL:
-Link Image:
-Link Description:

Those XSS are really dangerous, because an admin needs to approve the link, so he will get his cookie stolen directly when he logs into the administration panel.

laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit () gmail com
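An added example, not part of the original advisory and not the vendor's code: a sketch of the two fixes these findings call for, written in Python rather than the product's ASP. It binds LinkID as a query parameter after strict numeric validation (the same applies to CategoryID) and HTML-encodes the four submitted fields before they reach the admin approval page. The `links` table, its columns, and all function names are assumptions.

```python
import html
import sqlite3
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

def parse_id(raw):
    """Accept only a plain decimal ID (LinkID / CategoryID); reject everything else."""
    if raw is None or not raw.isascii() or not raw.isdigit() or len(raw) > 9:
        return None
    return int(raw)

def get_link(db, raw_link_id):
    """Look up one link; the ID is bound as a parameter, never concatenated."""
    link_id = parse_id(raw_link_id)
    if link_id is None:
        return None
    return db.execute(
        "SELECT name, url, image, description FROM links WHERE id = ?",
        (link_id,),
    ).fetchone()

def safe_url(raw):
    """Return the URL only if it is absolute http(s); otherwise an empty string."""
    try:
        parts = urlsplit(raw.strip())
    except ValueError:
        return ""
    if parts.scheme.lower() in ALLOWED_SCHEMES and parts.netloc:
        return raw.strip()
    return ""

def render_pending_row(name, url, image, description):
    """Build the admin-approval row with every submitted field HTML-encoded."""
    esc = lambda s: html.escape(s, quote=True)
    return (
        f'<tr><td>{esc(name)}</td>'
        f'<td><a href="{esc(safe_url(url))}">{esc(url)}</a></td>'
        f'<td><img src="{esc(safe_url(image))}" alt=""></td>'
        f'<td>{esc(description)}</td></tr>'
    )

def demo_db():
    """Constructed in-memory table standing in for the product's link store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE links (id INTEGER PRIMARY KEY, name TEXT, "
               "url TEXT, image TEXT, description TEXT)")
    db.execute("INSERT INTO links VALUES "
               "(1, 'Example', 'http://example.com/', '', 'constructed row')")
    return db
```

Marking the administration session cookie HttpOnly additionally keeps it out of reach of script if an encoding step is ever missed.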