2DayBiz ybiz Network Community Script – SQL Injection / Cross-Site Scripting

Exploit Database
41 阅读

作者： Sid3^effects

日期： 2010-06-16
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/34153/

source: https://www.securityfocus.com/bid/40913/info

2daybiz Network Community Script is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 

The following example URIs are available:

SQL Injection:

http://www.example.com/products/orkutclone/view_photo.php?page=3&alb=[SQLI]

Cross site Scripting:

http://www.example.com/products/orkutclone/scrapbook.php?id=[XSS]

last Exploits
2DayBiz ybiz Network Community Script – SQL Injection / Cross-Site Scripting的更多信息

Matterdaddy Market – Multiple Vulnerabilities：
Netgear R7000 – Cross-Site Scripting：
ZYXEL P-660HN-T1A Router – Authentication Bypass：
CuteEditor for PHP 6.6 – Directory Traversal：
VMware vCenter Server 7.0 – Unauthenticated File Upload：
Social Networking Site – Authentication Bypass (SQli)：
Invision Power Board (IP.Board) 3.3.4 – Unserialize Regex Bypass：
Wing FTP Server Admin 4.4.5 – Multiple Vulnerabilities：