MGB – Multiple Cross-Site Scripting / SQL Injections

Exploit Database
15 阅读

作者： Stefan Schurtz

日期： 2012-07-09
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/37489/

source: https://www.securityfocus.com/bid/54348/info

MGB is prone to multiple cross-site scripting vulnerabilities and an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

MGB 0.6.9.1 is vulnerable; other versions may also be affected. 

http://www.example.com/mgb/admin/admin.php?action=delete&id=[SQLi]&p=1

http://www.example.com/mgb/index.php?p=1â??"</script><script>alert(document.cookie)</script> [XSS]

http://www.example.com/mgb/newentry.php [XSS]

last Exploits
MGB – Multiple Cross-Site Scripting / SQL Injections的更多信息

Kempt SiteDone 2.0 – ‘/detail.php’ Cross-Site Scripting / SQL Injection：
RazorCMS 1.2.1 STABLE – Arbitrary File Upload：
Pandora Fms 3.1 – Blind SQL Injection：
Slooze PHP Web Photo Album 0.2.7 – Command Execution：
ImpressPages CMS 3.6 – Multiple Cross-Site Scripting / SQL Injection Vulnerabilities：
Cab Management System 1.0 – Remote Code Execution (RCE) (Authenticated)：
WordPress Plugin WP E-Commerce Shop Styling 2.5 – Arbitrary File Download：
OpenEMR 4.1 – ‘/contrib/acog/print_form.php?formname’ Traversal Local File Inclusion：