All Enthusiast PhotoPost Classifieds Multiple Input Validation Vulnerabilities

An exploit is not required.

The following proof-of-concept examples are available:
http://www.example.com/showcat.php?si=[XSS]
http://www.example.com/reportproduct.php?report=[XSS]
http://www.example.com/contact.php?contact=[INT]&productid=[INT][XSS]

http://www.example.com/showproduct.php?product=[INT][SQL]
http://www.example.com/contact.php?contact=[INT]&productid=[INT][SQL]
http://www.example.com/addfav.php?product=[INT][SQL]&do=add
http://www.example.com/showproduct.php?product=[INT]&sort=[INT][SQL]&cat=[INT]
http://www.example.com/showcat.php?cat=[INT][SQL]
http://www.example.com/index.php?cat=[INT][SQL]
http://www.example.com/comments.php?product=[INT]&cedit=[INT][SQL]


 

Copyright 2010, SecurityFocus