lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060519032448.9975.qmail@securityfocus.com> Date: 19 May 2006 03:24:48 -0000 From: luny@...fucktard.com To: bugtraq@...urityfocus.com Subject: Yourfreeworld Styleish Text Ads Script Homepage of script http://www.yourfreeworld.com/script/textads.asp Stylish Text Ads Script can be one of the most useful tools for any webmaster. If you own 1 or more websites and want to sell text ads then this tool can be one of the best tool for you. Effected files: tr1.php advertise.php Exploit: SQL Injection on tr1.php can shows full path disclosure errors as well as inproper filtering on the forms of advertise.php that can lead to malicious code injection or XSS. Example: http://www.example.com/stylishtextads/tr1.php?id=1'