Wikidforum 2.10 – Advanced Search Multiple Cross-Site Scripting Vulnerabilities

Exploit Database
19 阅读

作者： Stefan Schurtz

日期： 2012-03-12
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/36948/

source: https://www.securityfocus.com/bid/52425/info

Wikidforum is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Wikidforum 2.10 is vulnerable; other versions may also be affected. 

Search-Field -> Advanced Search -> Author -> '"</script><script>alert(document.cookie)</script>
Search-Field -> Advanced Search -> POST-Parameter 'select_sort' -> ><iMg src=N onerror=alert(document.cookie)>

last Exploits
Wikidforum 2.10 – Advanced Search Multiple Cross-Site Scripting Vulnerabilities的更多信息

Cotonti Siena 0.9.19 – ‘maintitle’ Stored Cross-Site Scripting：
SmartHouse Webapp 6.5.33 – Cross-Site Request Forgery：
Joomla! Component com_rsappt_pro2 – Local File Inclusion：
K-Search – SQL Injection / Cross-Site Scripting：
phpVideoPro 0.8.x/0.9.7 – Multiple Cross-Site Scripting Vulnerabilities：
WordPress Plugin WatuPRO 5.5.1 – SQL Injection：
Jaow CMS 2.3 – Cross-Site Request Forgery：
Joomla! Component com_frontenduseraccess – Local File Inclusion：