Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY LINKS NEWS MAN DOCUMENTATION

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Date: 16 Apr 2005 08:30:46 -0000
From: tom cruise <the.n3t@gmail.com.>
To: [email protected]
Subject: phpBB datenbank mod has XSS/SQL Injection in the id variable
X-Virus-Scanned: antivirus-gw at tyumen.ru



vulnerable mod:
datenbank

explaination:
you can pass SQL Injection / Cross Site Scripting (Commands) in the id variable inside the mod.php (mod-datenbank)

exploit:
http://&#091;target]/phpBB/moddb/mod.php?id='[SQL Injection]
http://&#091;target]/phpBB/moddb/mod.php?id='><script>alert(document.cookie)
&lt;/script&gt;

this bugs discovered by : neO
SGT SecurityGurus Team 
www.securitygurus.net

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Партнёры:

Хостинг: