Additional information
Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)
[XSS] Qdig - Quick Digital Image Gallery Version 1.2.9.3 and -devel
nabopoll 1.1.2 sensitive file (admin without password)
mcRefer SQL injection
XSS in Rainbow with Rainbow.Zen

From: sn0oPy.team_(at)_gmail.com <sn0oPy.team_(at)_gmail.com>
Date: 11 February 2007
Subject: Allons_voter Version 1.0 xss and admin votes

* Allons_voter Version 1.0 xss and admin votes without password
* By : sn0oPy
* Risk : medium
* Dork : inurl:"Allons_voter"
* exploit :
Be admin : http://www.target.com/Allons_voter/menu.html
replace it by http://www.target.com/Allons_voter/admin_ajouter.php
or http://www.target.com/Allons_voter/admin_supprimer.php
+ inject any script on the admin add menu.
* contact : sn0oPy@avenir-geopolitique.net
* greetz : [subzero], Avg Team(forums.avenir-geopolitique.net).

Reference : http://forums.avenir-geopolitique.net/viewtopic.php?t=2641