Ticket Booking Script

Homepage:
http://www.mole.com.ua

Affected files:
input boxes on booking2.php

XSS Vulnerabilities:

The input boxes on booking2.php do not sanitize user input before generating it and then submitting it to a MySQL database. This can cause XSS as well as possible SQL injections.

For PoC just put in any of the input boxes
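
Mitigation sketch for the booking2.php handling described above. This is an added example, not the vendor's code: the field names (name, email, seats), the table layout and the in-memory SQLite database are assumptions made so that it runs offline. It validates each field, stores it through a prepared statement, and HTML-encodes it only when it is written back to the page.

```php
<?php
// Added example. Field names, table layout and the SQLite in-memory
// database are assumptions; the real script stores bookings in MySQL.

function h(string $value): string {
    // Encode at output time for an HTML body or quoted attribute context.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function validate_booking(array $in): array {
    $name  = trim((string)($in['name'] ?? ''));
    $email = trim((string)($in['email'] ?? ''));
    $seats = filter_var($in['seats'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 10]]);
    if ($name === '' || strlen($name) > 100) {
        throw new InvalidArgumentException('invalid name');
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email');
    }
    if ($seats === false) {
        throw new InvalidArgumentException('invalid seat count');
    }
    return ['name' => $name, 'email' => $email, 'seats' => $seats];
}

function save_booking(PDO $db, array $b): int {
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $db->prepare(
        'INSERT INTO bookings (name, email, seats) VALUES (:name, :email, :seats)');
    $stmt->execute($b);
    return (int)$db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bookings
           (id INTEGER PRIMARY KEY, name TEXT, email TEXT, seats INTEGER)');

// Constructed sample input containing markup and a quote character.
$post = ['name' => "<b>O'Brien</b>", 'email' => 'guest@example.com', 'seats' => '2'];
$id = save_booking($db, validate_booking($post));

$stmt = $db->prepare('SELECT name, seats FROM bookings WHERE id = :id');
$stmt->execute(['id' => $id]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// The stored value is unchanged; it is encoded only when rendered.
echo '<p>Booked ', h((string)$row['seats']), ' seat(s) for ', h($row['name']), "</p>\n";
```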