[VIM] YLZH(right.php)Cross Site Scripting (fwd)
security curmudgeon
jericho at attrition.org
Tue Jun 6 03:24:19 EDT 2006
Oh how we are loving these disclosures! While doing a fast search on this,
Google "inurl:right.php?deptid" comes up with something interesting. I
know adding the variable like that isn't conducive to finding info usually
but check this:
http://www.google.com/search?hl=en&lr=&c2coff=1&q=inurl%3Aright.php%3Fdeptid&btnG=Search
Database Error - [ Translate this page ]
Database error in ylzh : Invalid SQL: select deptname, typename,deptype
from depart d join type t on t.deptid=d.deptid where t.deptid=97 and
t.typeid='488' ...
www.hndrc.gov.cn/right.php?deptid=97&
typeid=488&PHPSESSID=4ba8943727956054e0242f1b385c3043 - 2k -
---------- Forwarded message ----------
From: Breeeeh at hotmail.com
To: bugtraq at securityfocus.com
Date: 23 May 2006 12:13:02 -0000
Subject: YLZH(right.php)Cross Site Scripting
==========================
Discovery By: Breeeeh
Site: www.alshmokh.com
E-mail: Breeeeh at hotmail.com
==========================
Example:
/right.php?deptid=[XSS]