Lyrics Script – SQL Injection / Cross-Site Scripting

• Exploit Database
• 7 阅读

• 作者： Valentin
  日期： 2010-06-14
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/13863/

• [:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
  >> General Information 
  Advisory/Exploit Title = Lyrics Script SQL Injection and Cross-Site Scripting Vulnerabilities
  Author = Valentin Hoebel
  Contact = valentin@xenuser.org
  
  
  [:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
  >> Product information
  Name = Lyrics Script
  Authors = Dan Fletcher, Dunstan Mattocks
  Link = http://www.buymyscripts.net/21/Lyrics_Script.html
  Affected Version(s) = unknown
  
   
  [:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
  >> #1 SQL Injection
  target/search_results.php?search=Search&k=[SQL Injection]
  target/browse_artist.php?letter=[SQL Injection]
  target/browse_song.php?letter=[SQL Injection]
  
  >> #2 Cross-Site Scripting
  target/search_results.php?search=Search&k=[XSS]
  
  
  [:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
  >> Additional Information
  Advisory/Exploit Published = 14.06.2010
  
  
  [:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]
  >> Misc
  Greetz = cr4wl3r, JosS
  <3 packetstormsecurity.org!
  
  
  [:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]