Symphony 2.2.3 – ‘/symphony/publish/images?filter’ Cross-Site Scripting

Exploit Database
11 阅读

作者： Mesut Timur

日期： 2011-11-01
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/36280/

source: https://www.securityfocus.com/bid/50470/info

Symphony is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Symphony versions prior to 2.2.4 are vulnerable. 

http://example.com/symphony/publish/images/?filter='"--></style></script><script>alert(1)</script>

last Exploits
Symphony 2.2.3 – ‘/symphony/publish/images?filter’ Cross-Site Scripting的更多信息

OL-Commerce – ‘/OL-Commerce/affiliate_signup.php?a_country’ SQL Injection：
Itech News Portal Script 6.28 – ‘sc’ SQL Injection：
LifeType 1.2.10 – HTTP Referer Persistent Cross-Site Scripting：
dawa-pharma 1.0-2022 – Multiple-SQLi：
Marinet CMS – ‘room.php’ Blind SQL Injection：
PHP gettext 1.0.12 – ‘gettext.php’ Code Execution：
Joomla! Component com_formmaker 3.4 – SQL Injection：
daChooch – SQL Injection：