30 matches found
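PHPB2B time-delay blind injection may allow retrieval of the administrator hash
Brief description: phpB2B time-delay blind injection that can retrieve the administrator's hash value. Details: Tested version: the 0415 update. Required privilege: a registered member account. Test details: in product.php, at around line 69, $id is checked to be an integer, but later code uses $GET‘id’ to perform a delete operation, which leads to SQL injection. if isset$GET'do' || isset$GET'act' $do = trim$GET'do'; $action = null; ifisset$GET'action' $action = trim$GET'action'; if isset$GET'id' $id = intval$GET'id'; ..... if...
A low-value SQL injection in PHPB2B (the feature is not enabled by default)
Brief description: a low-value SQL injection in PHPB2B v5.0 (the feature is not enabled by default). Details: File /libraries/core/controllers/searchcontroller.php: function construct !empty$GET && $GET = clearhtml$GET; if isset$GET'q' $this-keyword = $GET'q' = urldecodestriptagshtmlspecialchars$GET'q'; if !empty$GET'module' && inarray$GET'module',...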
Unfixed XSS vulnerability at tradingkstocks.com
Security researcher Atmon3r submitted on 12/01/2012 a cross-site scripting (XSS) vulnerability affecting tradingkstocks.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/01/2012. It is currently...
Cross site scripting
Cross-site scripting (XSS) vulnerability in list.php in PHPB2B 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action...
CVE-2012-5099
Cross-site scripting (XSS) vulnerability in list.php in PHPB2B 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action...
CVE-2012-5099
CVE-2012-5099: A cross-site scripting (XSS) vulnerability exists in list.php for PHPB2B 4.1 and earlier. The flaw allows remote attackers to inject arbitrary web script or HTML through the q parameter in a search action. The connected documents confirm the affected software and the vulnerable pa...
PHPB2B Cross Site Scripting
Exploit Title: PHPB2B Cross Site Scripting Vulnerability Google Dork: "Powered by PHPB2B" Date: 1/1/2012 Author: H4ckCity Security Team Discovered By: farbodmahini Home: WwW.H4ckCity.Org Software Link: www.phpb2b.com Version: All Version Category: webapps Security Risk: Low Tested on: GNU/Linu...
PHPB2B 4.1 - q Cross-Site Scripting
source: https://www.securityfocus.com/bid/51221/info PHPB2B is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
PHPB2B 4.1 - 'q' Cross-Site Scripting
source: https://www.securityfocus.com/bid/51221/info PHPB2B is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
Phpb2b CMS 3.4 SQL injection vulnerability - vulnerability warning - the black bar safety net
Friends o PHP open-source B2B system, in which the page.php request parameters are not filtered, resulting in injection. Vulnerability file: page.php if isset$GET'id' $id = intval$GET'id'; $conditions = "id=".$ id; if isset$GET'name' $conditions = "name='".$ GET'name'."'";// Classic judge...