Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13369
HistoryJun 30, 2006 - 12:00 a.m.

PHPClassifieds General

2006-06-3000:00:00
vulners.com
9
JSON

PHPClassifieds General v.n/a

Homepage:
http://www.phpclassifieds.info/

Affected files:
search.php
*Posting classified ads

SQL injection on search.php via rate var:
http://www.example.com/search.php?rate=[sql]

XSS vuln when posting a classified ad:

Data isn't sanatized before being generated. For a PoC as a ad enter:

<script>alert('xss')</script>

Screenshots:

http://www.youfucktard.com/xsp/phpclass1.jpg
http://www.youfucktard.com/xsp/phpclass2.jpg
http://www.youfucktard.com/xsp/phpclass3.jpg

JSON