Message-ID: <BAY12-F2496968D65B250F2263637B6E90@phx.gbl>
Date: Mon, 06 Mar 2006 22:09:41 +0000
From: "???? ????" <mr_snake_my@...mail.com>
To: bugtraq@...urityfocus.com
Subject: SQL injection & XSS IN  vbzoom v1.11


Software: vbzoom v1.11

Web Site: http://www.vbzoom.com

Versions: V1.11

== SQL Injection ==

http://www.victem.com/vz/show.php?UserID=1&MainID=1&SubjectID=[SQL]

http://www.victem.com/vz/show.php?UserID=1&MainID=[SQL]&SubjectID=1

==== XSS ====

http://www.victem.com/vz/comment.php?UserID='>XSS

http://www.victem.com/vz/profile.php?UserID=1&UserName='>XSS

http://www.victem.com/vz/contact.php?UserID='>XSS


Discovered by: Mr.SNAKE

FROM http://www.lezr.com
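
For defenders running this version, the following is an added example (not part of the original post and not vbzoom code) that scans web server access logs for requests to the scripts and parameters listed in the advisory. It assumes the ID parameters are meant to be digits-only, as the advisory's "=1" values suggest; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts and parameters named in the advisory. Treating the ID parameters as
# digits-only is an assumption drawn from the advisory's "=1" sample values.
NUMERIC = {
    "show.php": {"UserID", "MainID", "SubjectID"},
    "comment.php": {"UserID"},
    "profile.php": {"UserID"},
    "contact.php": {"UserID"},
}
TEXT = {"profile.php": {"UserName"}}      # free text: flag markup characters
MARKUP = re.compile(r"[<>'\"]")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def check_request(target):
    """Return (script, parameter, decoded value) for each suspicious parameter."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1]
    findings = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in NUMERIC.get(script, ()):
            if not re.fullmatch(r"[0-9]+", value):
                findings.append((script, name, value))
        elif name in TEXT.get(script, ()) and MARKUP.search(value):
            findings.append((script, name, value))
    return findings

def scan(lines):
    """Scan access log lines; return (line number, script, parameter, value)."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            hits.extend((number,) + f for f in check_request(match.group(1)))
    return hits

# Constructed sample log; flagged values reuse the advisory's own placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Mar/2006:22:10:01 +0000] "GET /vz/show.php?UserID=1&MainID=1&SubjectID=7 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [06/Mar/2006:22:10:09 +0000] "GET /vz/show.php?UserID=1&MainID=1&SubjectID=%5BSQL%5D HTTP/1.1" 200 312',
    '192.0.2.44 - - [06/Mar/2006:22:10:15 +0000] "GET /vz/comment.php?UserID=%27%3EXSS HTTP/1.1" 200 2048',
    '192.0.2.44 - - [06/Mar/2006:22:10:21 +0000] "GET /vz/profile.php?UserID=1&UserName=%27%3EXSS HTTP/1.1" 200 2301',
    '192.0.2.10 - - [06/Mar/2006:22:11:02 +0000] "GET /vz/profile.php?UserID=1&UserName=alice HTTP/1.1" 200 2290',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

An empty value in one of the ID parameters is also reported, since it is not a digit string.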
