:: IwebNegar v1.1 Multiple vulnerabilities ::

------------------------------------------------

Software : IwebNegar v1.1

Website : ----

Bug Discover : Hessam-x / www.hessamx.net

I. Cross Site Scripting Vulnerability

-------------------------------------------------

Parameter "comment" are not properly sanitized in "comments.php".

This can be used to post arbitrary HTML or web script code.

attacked by comments.php with field comment

& ...

II. SQL Injection Vulnerability

-------------------------------------------------

Parameter "id" is not properly sanitized before being used in SQL query.

vulnerable Page is : "comments.php".

This can be used make any SQL query by injecting arbitrary SQL code.

Attacker can be execute this url :

comments.php?id=[SQL Query]

[ reply ]