24 matches found
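A Front-End Stored XSS in the Latest Version of the Qibo Classified Information System
Brief description: I originally wanted to set up a campus second-hand trading platform, so I downloaded this classified system and found this stored XSS while testing. I guess the designer forgot to filter this parameter - -, which should not happen. Details: I downloaded the latest Qibo classified system and set up the environment on xampp+win764. After installation, Qibo Classified Information by default lets guests post two listings for free; posting permissions for other user groups can be set in the admin back end. The stored XSS was found when posting a listing. Because I had configured the back end so that guests cannot post, I posted a listing as admin to take a look... The details filled in are shown in the figure below: Proof of vulnerability: The character length is limited to 30 characters, and I don't have a short domain name, so I can only do an alert =.= Let's look at the code. After the listing is submitted, the telephone field is submitted as postdbtelephone ...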
Online Classified System Script SQL Injection and XSS Vulnerabilities
No description provided by source. I'm L0rd CrusAd3r member from Inj3ct0r Team. Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title: Online Classified System Script SQLi and XSS Vulnerable Vendor...
2daybiz online classified system SQLi AND XSS Vulnerability
No description provided by source. Name : 2daybiz online classified system SQLi AND XSS Vulnerability Date : june, 16 2010 Vendor url :http://www.2daybiz.com/onlineclassifiedscript.html Critical Level : HIGH Author : Sid3^effects aKa HaRi shellc99atyahoo.com special thanks to : r0073r...
vSpin Classified System 2004 search.asp minprice Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21190/info vSpin Classified System is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied data...
vSpin Classified System 2004 search.asp Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/21190/info vSpin Classified System is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied data...
vSpin Classified System 2004 cat.asp cat Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/21190/info vSpin Classified System is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied data...
Online Classified System Script SQL Injection & XSS Vulnerable
Exploit for php platform in category web applications. Online Classified System Script SQL Injection & XSS Vulnerable...
Online Classified System Script - SQL Injection / Cross-Site Scripting
I'm L0rd CrusAd3r member from Inj3ct0r Team. Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title: Online Classified System Script SQLi and XSS Vulnerable Vendor url: http://www.2daybiz.com/ Version:1...
2DayBiz Online Classified System - SQL Injection Cross-Site Scripting
2DayBiz Online Classified System - SQL Injection Cross-Site Scripting Name : 2daybiz online classified system SQLi AND XSS Vulnerability Date : june, 16 2010 Vendor url :http://www.2daybiz.com/onlineclassifiedscript.html Critical Level : HIGH Author : Sid3^effects aKa HaRi special thanks to :...
2DayBiz Online Classified System - SQL Injection / Cross-Site Scripting
Name : 2daybiz online classified system SQLi AND XSS Vulnerability Date : june, 16 2010 Vendor url :http://www.2daybiz.com/onlineclassifiedscript.html Critical Level : HIGH Author : Sid3^effects aKa HaRi special thanks to : r0073r inj3ct0r.com,L0rd CruSad3r,MaYur,gunslinger greetz to :All ICW...
CVE-2006-6152
Multiple SQL injection vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to (a) cat.asp, or the (2) keyword, (3) order, (4) sort, (5) menuSelect, or (6) state parameter to (b) search.asp...
CVE-2006-6153
Multiple cross-site scripting (XSS) vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to inject arbitrary web script or HTML via (1) catname parameter to cat.asp or the (2) minprice parameter to search.asp...
CVE-2006-6152
The CVE-2006-6152 issue affects vSpin.net Classified System 2004. Affected component: two ASP endpoints, cat.asp and search.asp. Vulnerability: multiple SQL injection vectors via parameters (cat on cat.asp; keyword, order, sort, menuSelect, state on search.asp). Impact: allows remote attackers to...
CVE-2006-6153
Multiple cross-site scripting (XSS) vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to inject arbitrary web script or HTML via (1) catname parameter to cat.asp or the (2) minprice parameter to search.asp...
CVE-2006-6153
CVE-2006-6153 affects the vSpin.net Classified System 2004. The vulnerability consists of multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via the following parameters: (1) catname in cat.asp and (2) minprice in search.asp. The underlyin...
CVE-2006-6152
Multiple SQL injection vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to (a) cat.asp, or the (2) keyword, (3) order, (4) sort, (5) menuSelect, or (6) state parameter to (b) search.asp...
PT-2006-6787 · Vspin.Net · Vspin.Net Classified System 2004
Name of the Vulnerable Software and Affected Versions: vSpin.net Classified System 2004 Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities can be...
Classified System [injection sql]
vendor site: http://www.vspin.net/ product :Classified System bug:injection sql risk : medium injection sql : /cat.asp?cat='sql /search.asp?in=y&keyword='sql /search.asp?in=y&keyword=1&submit=Search&order='sql /search.asp?in=y&keyword=1&submit=Search&order=tblclassads.colid&sort='sql...
classsys.txt
vendor site: http://www.vspin.net/ product :Classified System bug:injection sql risk : medium injection sql : /cat.asp?cat='sql /search.asp?in=y&keyword='sql /search.asp?in=y&keyword=1&submit=Search&order='sql /search.asp?in=y&keyword=1&submit=Search&order=tblclassads.colid&sort='sql...
vSpin Classified System 2004 - 'search.asp?minprice' Cross-Site Scripting
source: https://www.securityfocus.com/bid/21190/info vSpin Classified System is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied data. Exploiting these issues could all...