lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060519032448.9975.qmail@securityfocus.com>
Date: 19 May 2006 03:24:48 -0000
From: luny@...fucktard.com
To: bugtraq@...urityfocus.com
Subject: Yourfreeworld Styleish Text Ads Script


Homepage of script
http://www.yourfreeworld.com/script/textads.asp


Stylish Text Ads Script can be one of the most useful tools for any webmaster. 
If you own 1 or more websites and want to sell text ads then this tool can be one of the best tool for you. 

Effected files:
tr1.php
advertise.php

Exploit:

SQL Injection on tr1.php can shows full path disclosure errors as well as inproper filtering on the forms of advertise.php that can lead to malicious code injection or XSS.

Example:
http://www.example.com/stylishtextads/tr1.php?id=1'


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ