BugTraq
XSS bugs and SQL injection in sNews Feb 14 2006 04:25PM
Alexander Hristov (joffer gmail com)
Official page : http://www.solucija.com/home/snews/

XSS in comments :

just post some comment with <script>alert('XSS TEST by
securitydot.net');</script>

FIX : put this on 423 line
$r = str_replace ("<","<",$r);
$r = str_replace (">","&lg",$r);

Injection through categories : index.php?category=1%20or%201=2

FIX : put this on 313 line
if (ereg('^[0-9]*$' , $category))

Injection through id : index.php?id=0%20or%201=2

FIX : put this on 175 line
if (ereg('^[0-9]*$' , $id)) {

--
Securitydot.net
joffer and DrFrancky

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus