Exploit efiction 1.0/1.1/2.0 - 'titles.php' Cross-Site Scripting

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
26591
Проверка EDB
  1. Пройдено
Автор
[email protected]
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2005-4167
Дата публикации
2005-11-25
Код:
source: https://www.securityfocus.com/bid/15568/info

eFiction is prone to SQL injection, remote file upload, and cross site scripting vulnerabilities.

These vulnerabilities may allow an attacker to view and modify sensitive information, gain unauthorized access, modify and corrupt the underlying database application, and obtain a victim's authentication credentials.

eFiction versions 1.0, 1.1 and 2.0 are reported to be vulnerable; other versions may also be affected. 

http://www.example.com/efiction/titles.php?action=viewlist&let=<script>alert(document.cookie)</script>
 
Источник
www.exploit-db.com

Похожие темы