From: luny_(at)_youfucktard.com <luny_(at)_youfucktard.com>
Date: 30.06.2006
Subject: PHPClassifieds General

PHPClassifieds General v.n/a
Homepage: http://www.phpclassifieds.info/
Affected files: search.php
*Posting classified ads

-----------------------------------------
SQL injection on search.php via rate var:
http://www.example.com/search.php?rate=[sql]
-----------------------------------------
XSS vuln when posting a classified ad: Data isn't sanitized before being generated. For a PoC as an ad enter:
<script>alert('xss')</script>

Screenshots:
http://www.youfucktard.com/xsp/phpclass1.jpg
http://www.youfucktard.com/xsp/phpclass2.jpg
http://www.youfucktard.com/xsp/phpclass3.jpg
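An added example, not code from PHPClassifieds (whose source is not on this page), showing the hypothetical pattern behind both findings next to a hardened version: the search.php rate parameter validated as an integer and bound through a prepared statement, and ad text escaped at output. The table and column names (ads, rate, description) and the function names are assumptions.

```php
<?php
// Added example: hypothetical PHPClassifieds-style code, not the project's own.
// Table/column names (ads, rate, description) are assumptions.

// --- Vulnerable pattern (what the advisory describes) ---
// search.php: $_GET['rate'] concatenated straight into the query string.
function search_ads_vulnerable(mysqli $db, array $get)
{
    $sql = "SELECT id, title, description FROM ads WHERE rate = '" . $get['rate'] . "'";
    return $db->query($sql);                       // request data becomes part of the SQL text
}

// Ad posting/listing: stored ad text echoed back without escaping.
function render_ad_vulnerable(string $description): string
{
    return "<div class=\"ad\">$description</div>"; // <script> in the ad runs in every viewer's browser
}

// --- Hardened version ---
function search_ads(mysqli $db, array $get): ?array
{
    // rate is numeric in the application, so reject anything else before touching SQL.
    $rate = filter_var($get['rate'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($rate === false) {
        return null;                               // invalid input: no query is executed
    }
    $stmt = $db->prepare("SELECT id, title, description FROM ads WHERE rate = ?");
    $stmt->bind_param('i', $rate);                 // bound as an integer, never parsed as SQL
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

function render_ad(string $description): string
{
    // Escape at output so a stored "<script>alert('xss')</script>" is shown as text.
    $safe = htmlspecialchars($description, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<div class=\"ad\">$safe</div>";
}

// Self-check of the escaping step using the advisory's PoC string (no database needed).
$poc = "<script>alert('xss')</script>";
assert(strpos(render_ad($poc), '<script>') === false);
echo render_ad($poc), PHP_EOL;
```

The rate check also doubles as a detection hook: any request rejected there is worth logging, since a legitimate user never sends a non-numeric rate.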