<<< Date Index >>>     <<< Thread Index >>>

XSS bugs and SQL injection in sNews



Official page : http://www.solucija.com/home/snews/

XSS in comments :

just post some comment with <script>alert('XSS TEST by
securitydot.net');</script>
                        
FIX : put this on 423 line
$r = str_replace ("<","&lt",$r);
                $r = str_replace (">","&lg",$r);

Injection through categories : index.php?category=1%20or%201=2

FIX : put this on 313 line
if (ereg('^[0-9]*$' , $category))

Injection through id : index.php?id=0%20or%201=2

FIX : put this on 175 line
if (ereg('^[0-9]*$' , $id)) {

--
Securitydot.net
joffer and DrFrancky