Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web BBS :: Frequently Exploited :: b06-1086.htm

Xss in Wbb 2.3.4



Xss in Wbb 2.3.4
Xss in Wbb 2.3.4



hi again friends
i discovered a xss in wbb again ;)
in
wbb/acp/lib/class_db_mysql.php

in the 123.line

$errormsg .= "Script: ".getenv("REQUEST_URI")."\n
"; hmm what can we do with that? if there is an sql db error you may do /wbb/xx.php? or you may use filebase mod for make an sql error like that http://www.wbbsite.com/filebase_redirect.php?fid=' WwW.SpyMasterSnake.org Tontonq ;)


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH