Информационная безопасность
[RU] switch to English


Дополнительная информация

  Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )

  phpBB2 2.0.22 Cross Site Scripting Vulnerability

  Cross-Site Scripting vulnerabilities in AwesomeTemplateEngine

From:vivek_infosec_(at)_yahoo.com <vivek_infosec_(at)_yahoo.com>
Date:3 января 2008 г.
Subject:xss in w3-msql error page

A reflected xss flaw exists in the w3-msql error page.

google dork : "W3-mSQL Error!  -  Can't stat script file (/"

Just insert a script from the start of /

like if u get a URL like:-

http://localhost/cgi-bin/w3-msql/journal/ijcd/index.html

and the error page output as :-

W3-mSQL Error!  -  Can't stat script file (/journal/ijcd/index.html)

u can try this:-

A reflected xss flaw exists in the w3-msql error page.

google dork : "W3-mSQL Error!  -  Can't stat script file (/"

Just insert a script from the start of /

like if u get a URL like:-

http://localhost/cgi-bin/w3-
msql/<script>alert('xss')</script>

to confirm the issue

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород