- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 31774
- Проверка EDB
-
- Пройдено
- Автор
- DAVID SOPAS FERREIRA
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-6631
- Дата публикации
- 2008-05-10
Код:
source: https://www.securityfocus.com/bid/29133/info
BlogPHP is prone to multiple input-validation vulnerabilities, including a cross-site scripting issue, an HTML-injection issue, and a cookie-manipulation issue.
Attackers can exploit these issues to execute arbitrary script code in the context of the webserver, compromise the application, steal cookie-based authentication credentials from legitimate users of the site, modify the way the site is rendered, and gain access as an arbitrary user.
BlogPHP 2.0 is vulnerable; other versions may also be affected.
http://www.example.com/index.php?act=sendmessage&user=admin[XSS]- Источник
- www.exploit-db.com
