Related information
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
[eVuln] Skull-Splitter's PHP Downloadcounter for Wallpapers SQL Injection
[eVuln] Skull-Splitter's PHP Guestbook XSS Vulnerability
XSS in PHPKIT Version 1.6.03
[SA19443] PHP Script Index "search" Cross-Site Scripting Vulnerability

From: Cyber Lords <fear_(at)_cyberlords.net>
Date: 29.03.2006
Subject: SQL-Injection and XSS in uTopsites 1.5.1

Advisory: SQL-Injection and XSS in uTopsites 1.5.1.

Vulnerable script: index.php

Sql-injection:
http://www.listrank.com/index.php?do=out&id='22

Xss:
http://www.listrank.com/index.php?o=<script>alert()</script>&start=50

When adding comments, none of the fields are filtered. Example:
"><script>alert()</script><"

--------------------------
Cyber Lords Team
www.cyberlords.net
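
An added detection example, not part of the original advisory and not uTopsites code: it scans web access logs for index.php requests whose "id", "start" or "o" parameters do not have the expected shape, which is how the two requests in the advisory stand out. The value shapes in RULES and the log lines are assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed value shapes for the index.php parameters named in the advisory.
# The page does not document them: "id" and "start" look numeric in its
# URLs, and "o" is assumed here to be a short alphanumeric token.
RULES = {
    "id": re.compile(r"\d{1,10}"),
    "start": re.compile(r"\d{1,10}"),
    "o": re.compile(r"[A-Za-z0-9_]{1,32}"),
}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Constructed access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [29/Mar/2006:10:00:01 +0000] "GET /index.php?do=out&id=22 HTTP/1.1" 200 512',
    '203.0.113.9 - - [29/Mar/2006:10:00:07 +0000] "GET /index.php?do=out&id=%2722 HTTP/1.1" 200 310',
    '198.51.100.7 - - [29/Mar/2006:10:01:12 +0000] "GET /index.php?o=%3Cscript%3Ealert()%3C/script%3E&start=50 HTTP/1.1" 200 2048',
    '198.51.100.8 - - [29/Mar/2006:10:02:30 +0000] "GET /index.php?o=hits&start=50 HTTP/1.1" 200 2048',
]


def check_request(target):
    """Return (parameter, decoded value) pairs that break the expected shape."""
    parts = urlsplit(target)
    if not parts.path.endswith("/index.php"):
        return []
    # parse_qs percent-decodes, so %27 and %3C are checked as ' and <.
    params = parse_qs(parts.query, keep_blank_values=True)
    return [
        (name, value)
        for name, rule in RULES.items()
        for value in params.get(name, [])
        if not rule.fullmatch(value)
    ]


def scan(lines):
    """Return (client, parameter, value) for each suspicious request line."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match:
            client = line.split()[0]
            findings += [(client, n, v) for n, v in check_request(match.group(1))]
    return findings


if __name__ == "__main__":
    for client, name, value in scan(SAMPLE_LOG):
        print(f"{client}: unexpected {name}={value!r}")
```

The same allowlist, applied server-side before the values reach the SQL query or the page output, is the corresponding input check; it does not replace parameterized queries and output encoding.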