SimpleInvoices invoices Module – Customer Field Cross-Site Scripting

Exploit Database
9 阅读

作者： tommccredie

日期： 2012-12-10
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/38115/

source: https://www.securityfocus.com/bid/56882/info

Simple Invoices is prone to multiple HTML-injection vulnerabilities and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. 

[http://]www.example.com/simpleinvoices/index.php?module=invoices&view=manage&having=%3C/script%3E%3Cscript%3Ealert%28%27POC%20XSS%27%29;%3C/script%3E%3Cscript%3E

last Exploits
SimpleInvoices invoices Module – Customer Field Cross-Site Scripting的更多信息

Forritun – Multiple SQL Injections：
Prado Portal 1.2 – ‘page’ Cross-Site Scripting：
Flippa Website Script – SQL Injection：
Alkacon OpenCMS 15.0 – Multiple Cross-Site Scripting (XSS)：
Sitecom WLM-2501 – Multiple Cross-Site Request Forgery Vulnerabilities：
Online AgroCulture Farm Management System 1.0 – ‘uname’ SQL Injection：
V-SOL GPON/EPON OLT Platform 2.03 – Cross-Site Request Forgery：
Netvolution CMS 2.x – SQL Injection Script：