BugTracker.NET 3.4.4 – SQL Injection / Cross-Site Scripting

Exploit Database
15 阅读

作者： BugTracker.NET

日期： 2010-11-30
类别：
- webapps
平台：
- asp
来源：https://www.exploit-db.com/exploits/35031/

source: https://www.securityfocus.com/bid/45121/info

BugTracker.NET is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

BugTracker.NET v3.4.4 is vulnerable; other versions may be affected. 

http://www.example.com/edit_comment.aspx?id=48&bug_id=3%3E%3Cscript%3Ealert%28%27%27%29;%3C/script%3E

last Exploits
BugTracker.NET 3.4.4 – SQL Injection / Cross-Site Scripting的更多信息

The Open ISES Project 3.30A – ‘tick_lat’ SQL Injection：
Joomla! Component com_yjcontactus – Local File Inclusion：
Bedder CMS – Blind SQL Injection：
Care2x Open Source Hospital Information Management 2.7 Alpha – ‘Multiple’ Stored XSS：
Hanbanggaoke IP Camera – Arbitrary Password Change：
W-Agora 4.2.1 – ‘search.php?bn’ Cross-Site Scripting：
CubeCart 3.0.6 – Cross-Site Request Forgery (Add Admin)：
Pandora FMS 5.0/5.1 – Authentication Bypass：