Lyrics Script Cross Site Scripting / SQL Injection

2010-06-16T00:00:00
ID PACKETSTORM:90676
Type packetstorm
Reporter Valentin Hoebel
Modified 2010-06-16T00:00:00

Description

                                        
                                            `# Exploit Title: Lyrics Script SQL Injection and Cross-Site Scripting Vulnerabilities  
# Date: 14.06.2010  
# Author: Valentin  
# Category: webapps/0day  
# Version: unknown  
# Tested on:   
# CVE :   
# Code :   
  
  
[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]  
>> General Information   
Advisory/Exploit Title = Lyrics Script SQL Injection and Cross-Site Scripting Vulnerabilities  
Author = Valentin Hoebel  
Contact = valentin@xenuser.org  
  
  
[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]  
>> Product information  
Name = Lyrics Script  
Authors = Dan Fletcher, Dunstan Mattocks  
Link = http://www.buymyscripts.net/21/Lyrics_Script.html  
Affected Version(s) = unknown  
  
  
[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]  
>> #1 SQL Injection  
target/search_results.php?search=Search&k=[SQL Injection]  
target/browse_artist.php?letter=[SQL Injection]  
target/browse_song.php?letter=[SQL Injection]  
  
>> #2 Cross-Site Scripting  
target/search_results.php?search=Search&k=[XSS]  
  
  
[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]  
>> Additional Information  
Advisory/Exploit Published = 14.06.2010  
  
  
[:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]  
>> Misc  
Greetz = cr4wl3r, JosS  
<3 packetstormsecurity.org!  
  
  
[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]  
`