TUCoPS :: Web BBS :: etc :: b06-3617.htm

Phorum 5.1.14 XSS SQL injection Vulnerability
Phorum 5.1.14 XSS SQL injection Vulnerability
Phorum 5.1.14 XSS SQL injection Vulnerability


Phorum 5.1.14=0D
http://www.phorum.org=0D 
--------------------------=0D
Cross Site Scripting (XSS)=0D
--------------------------=0D
POST http://target.xx:80/posting.php HTTP/1.0=0D 
Accept: */*=0D
Content-Type: application/x-www-form-urlencoded=0D
Host: target.xx=0D
Content-Length: 447=0D
message_id=0&forum_id=1&mode==0D
-------------=0D
SQL injection=0D
-------------=0D
http://target.xx/search.php?1,search=1,page='[SQL]=0D 
-----------------=0D
Ellipsis Security=0D
http://www.ellsec.org

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH