OneOrZero Helpdesk V1.6.4.1 susceptible to SQL injection and XSS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: OneOrZero Helpdesk V1.6.4.1 susceptible to SQL injection and XSS
From: vampire_chiristof@xxxxxxxxx
Date: 15 Aug 2006 10:57:33 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

vendor:

http://www.oneorzero.com/

vuln :

http://[host]/supporter/index.php?t=tupd&id=[SQL]

http://[host]/supporter/index.php?t=tupd&id=[XSS]


Author : Vampire

vampire_chiristof@xxxxxxxxx

Homepage : Www.HackerZ.iR

Www.H4ckerZ.Com

Iran HackerZ Security Team

Prev by Date: Registration Now Open!: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA
Next by Date: Re: [Full-disclosure] RE: when will AV vendors fix this???
Previous by thread: Registration Now Open!: Security OPUS Infosec Conference - Oct 2-5 2006 - San Francisco, CA
Next by thread: JavaScript Lazy Authorization Forcer and Visited Link Scaner
Index(es):
- Date
- Thread