- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 37100
- Проверка EDB
-
- Пройдено
- Автор
- THECYBERNUXBIE
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- N/A
- Дата публикации
- 2012-04-20
Waylu CMS - '/products_xx.php' SQL Injection / HTML Injection
Код:
source: https://www.securityfocus.com/bid/53202/info
Waylu CMS is prone to an SQL-injection vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting these issues may allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database, execute HTML and script code in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user; other attacks are also possible.
HTML Injection
http://www.example.com/WebApps/products_xx.php?id=[XSS]
SQL Injection
http://www.example.com/WebApps/products_xx.php?id=[SQL Injection]- Источник
- www.exploit-db.com
