Wikidforum 2.10 – Search Field Cross-Site Scripting

Exploit Database
104 阅读

作者： Stefan Schurtz

日期： 2012-03-12
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/36947/

source: https://www.securityfocus.com/bid/52425/info

Wikidforum is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Wikidforum 2.10 is vulnerable; other versions may also be affected.

Search-Field -> '"</script><script>alert(document.cookie)</script>

last Exploits
Wikidforum 2.10 – Search Field Cross-Site Scripting的更多信息

Joomla! Component Teams – Multiple Blind SQL Injections：
Joomla! Component com_sef – Remote File Inclusion：
MISP 2.4.97 – SQL Command Execution via Command Injection in STIX Module：
Zenoss 3.2.1 – (Authenticated) Remote Command Execution：
Dell SonicWALL Gms 7.2.x – Code Injection：
PHP-Nuke 8.1.0.3.5b – ‘Downloads’ Blind SQL Injection：
School ERP Pro+Responsive 1.0 – Arbitrary File Download：
BoastMachine – ‘blog’ SQL Injection：