Wikidforum 2.10 – Search Field Cross-Site Scripting

Exploit Database
15 阅读

作者： Stefan Schurtz

日期： 2012-03-12
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/36947/

source: https://www.securityfocus.com/bid/52425/info
 
Wikidforum is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.
 
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
 
Wikidforum 2.10 is vulnerable; other versions may also be affected. 

Search-Field -> '"</script><script>alert(document.cookie)</script>

last Exploits
Wikidforum 2.10 – Search Field Cross-Site Scripting的更多信息

In4Suit ERP 3.2.74.1370 – ‘txtLoginId’ SQL injection：
ManageEngine ServiceDesk Plus 9.0 – Authentication Bypass：
Joomla! Component com_iproperty – SQL Injection：
Bootstrapy CMS – Multiple SQL Injection：
PHP Melody 2.7.1 – ‘playlist’ SQL Injection：
Kloxo 6.1.18 Stable – Cross-Site Request Forgery：
Joomla! Component My MSG 3.2.1 – SQL Injection：
PhpTax 0.8 – File Manipulation ‘newvalue’ / Remote Code Execution：