CANDID - '/image/view.php?image_id' Cross-Site Scripting | Gerki | Теневой Форум про Заработок и ИБ

Exploiter

Хакер

21 Дек 2022

EDB-ID: 34220

Проверка EDB

Пройдено

Автор: L0RD CRUSAD3R

Тип уязвимости: WEBAPPS

Платформа: PHP

CVE: cve-2010-4978

Дата публикации: 2010-06-29

CANDID - '/image/view.php?image_id' Cross-Site Scripting

Код:

source: https://www.securityfocus.com/bid/41216/info
 
CANDID is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
 
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
 
http://www.example.com/image/view.php?image_id=[XSS]

Источник: www.exploit-db.com

Поиск

Exploit CANDID - '/image/view.php?image_id' Cross-Site Scripting

Exploiter

Похожие темы