PGAUTOPro – SQL Injection / Cross-Site Scripting (2)

Exploit Database
10 阅读

作者： Sid3^effects

日期： 2010-06-09
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/34110/

source: https://www.securityfocus.com/bid/40664/info

PG Auto Pro is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 

The following example URIs are available:

SQL Injection

http://www.example.com/vehicle/buy_do_search/?order_direction=DESC&&status=1&form_gid=vehicle_user_quick_search_new&back_module=vehicle%2Fbuy_do_search&page=[SQL Injection]

Cross Site Scripting

http://www.example.com/vehicle/buy_do_search/?order_direction=[XSS]

last Exploits
PGAUTOPro – SQL Injection / Cross-Site Scripting (2)的更多信息

Pre Printing Press – ‘product_desc.php?pid’ SQL Injection：
DBCart – ‘article.php’ SQL Injection：
Spitfire 1.0.3x – ‘cms_username’ Cross-Site Scripting：
Wifi Soft Unibox Administration 3.0 & 3.1 – SQL Injection：
Joomla! Component Search 3.0.0 – SQL Injection：
Microsoft Outlook Web Access (OWA) 8.2.254.0 – Information Disclosure：
Cisco EPC3925 – Persistent Cross-Site Scripting：
Bitweaver 2.8.1 – Persistent Cross-Site Scripting：