Xt-News Multiple Input Validation Vulnerabilities

An attacker can exploit the cross-site scripting issues by enticing an unsuspecting user to follow a malicious URI. An attacker can exploit the SQL-injection issue through a web-client.

The following proof-of-concept URIs are available:

http://www.example.com/show_news.php?id_news=[SQL INJECTION]
http://www.example.com/add_comment.php?id_news=[XSS]
http://www.example.com/show_news.php?id_news=[XSS]


 

Privacy Statement
Copyright 2010, SecurityFocus