[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ExoPHPdesk user profile XSS / profile SQL injection

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: ExoPHPdesk user profile XSS / profile SQL injection
From: Joseph.giron13@xxxxxxxxx
Date: 13 Nov 2007 22:44:36 -0000

ExoPHPdesk user profile XSS / profile SQL injection
http://exoscripts.com/exohelpdesk

You can inject script code into the website area where you create profile. 
Cookies are in place making an XSS more than possible.  

http://example.com/helpdesk/index.php?fn=profile&s=&user=admin' sql here
SQL injection in the profile area is possible if you choose a bad input.

Prev by Date: [USN-541-1] Emacs vulnerability
Next by Date: Aria-Security.Net: MetaCart SQL Injection
Previous by thread: [USN-541-1] Emacs vulnerability
Next by thread: Aria-Security.Net: MetaCart SQL Injection
Index(es):
- Date
- Thread