ArabPortal 2.0.1 Stable [ 9 CrossSiteScripting & 1 SQL Injection ] MultBugz

2006.04.05

Credit: D3vil-0x1 | Devil-00

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2006-1504

CWE: CWE-89

CVSS Base Score: 5.1/10

Impact Subscore: 6.4/10

Exploitability Subscore: 4.9/10

Exploit range: Remote

Attack complexity: High

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

ArabPortal Bugs :-
ArabPortal 2.0.1 Stable [ 9 CrossSiteScripting & 1 SQL Injection ] MultBugz
BugTraqz :- D3vil-0x1 | Devil-00
Visit Palestine :- www.palestineonly.com
/*
1- /forum.php?action=view&id=1&cat_id=3&adminJump=D3vil-0x1[HTML - XSS ]
2- /forum.php?action=view&id=1&cat_id=3&forum_middle=D3vil-0x1[HTML - XSS ]
//*
3- /forum.php?mineID=[SQL Injection]
*//
4- /members.php?action=changepass&form=D3vil-0x1[HTML - XSS ]
5- /members.php?action=edit&form=D3vil-0x1[HTML - XSS ]
6- /pm.php?action=reply&form=D3vil-0x1[HTML - XSS ]
7- /pm.php?action=sendmsg&form=D3vil-0x1[HTML - XSS ]
8- /mail.php?action=sendpage&form=D3vil-0x1[HTML - XSS ]
9- /mail.php?action=sendtome&form=D3vil-0x1[HTML - XSS ]
10- /mail.php?action=sendtousers&userid=1&form=D3vil-0x1[HTML - XSS ]
*/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

ArabPortal 2.0.1 Stable [ 9 CrossSiteScripting & 1 SQL Injection ] MultBugz

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.