Computer Security

Security Advisory: ExoPHPdesk user profile XSS / profile SQL injection
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  Free Forums "search" Sql Injection

  Aria-Security.Net: MetaCart SQL Injection

  DocuSafe "Search" SQL Injection

  [Full-disclosure] 0day0day0day0day AURACMS XSS!! LATEST VERSION!!! 0day0day0day0day

From:joseph.giron13_(at)_gmail.com <joseph.giron13_(at)_gmail.com>
Date:14.11.2007
Subject:ExoPHPdesk user profile XSS / profile SQL injection

ExoPHPdesk user profile XSS / profile SQL injection
http://exoscripts.com/exohelpdesk

You can inject script code into the website area where you create profile. Cookies are in place making an XSS more than possible.  

http://example.com/helpdesk/index.php?fn=profile&s=&user=admin' sql here
SQL injection in the profile area is possible if you choose a bad input.
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server