[VIM] YLZH(right.php)Cross Site Scripting (fwd)

security curmudgeon jericho at attrition.org
Tue Jun 6 03:24:19 EDT 2006

Oh how we are loving these disclosures! While doing a fast search on this, 
Google "inurl:right.php?deptid" comes up with something interesting. I 
know adding the variable like that isn't conducive to finding info usually 
but check this:


Database Error - [ Translate this page ]
Database error in ylzh : Invalid SQL: select deptname, typename,deptype 
from depart d join type t on t.deptid=d.deptid where t.deptid=97 and 
t.typeid='488' ...
typeid=488&PHPSESSID=4ba8943727956054e0242f1b385c3043 - 2k -

---------- Forwarded message ----------
From: Breeeeh at hotmail.com
To: bugtraq at securityfocus.com
Date: 23 May 2006 12:13:02 -0000
Subject: YLZH(right.php)Cross Site Scripting

Discovery By: Breeeeh
Site: www.alshmokh.com
E-mail: Breeeeh at hotmail.com
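As an added illustration of the defender-side fix for what that search hit reveals (this is not YLZH's code; only the table and column names are taken from the leaked query, while the DSN, credentials, file layout and the integer type of typeid are assumed), a right.php-style handler that validates its parameters, binds them instead of concatenating them into SQL, keeps database error detail out of the response, and escapes what it echoes back:

```php
<?php
// Added example, not YLZH's code. Table/column names come from the SQL in the
// error message quoted above; the DSN, credentials and typeid's type are assumed.
declare(strict_types=1);

// Reject anything that is not a positive integer before it reaches SQL.
$opts   = ['options' => ['min_range' => 1]];
$deptid = filter_input(INPUT_GET, 'deptid', FILTER_VALIDATE_INT, $opts);
$typeid = filter_input(INPUT_GET, 'typeid', FILTER_VALIDATE_INT, $opts);
if ($deptid === null || $deptid === false || $typeid === null || $typeid === false) {
    http_response_code(400);
    exit('Bad request');
}

try {
    // ERRMODE_EXCEPTION: failures raise, they never print the SQL to the page.
    $pdo = new PDO('mysql:host=localhost;dbname=ylzh;charset=utf8mb4', 'ylzh_user', 'secret', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
    $stmt = $pdo->prepare(
        'SELECT deptname, typename, deptype FROM depart d JOIN type t ON t.deptid = d.deptid '
        . 'WHERE t.deptid = :deptid AND t.typeid = :typeid'
    );
    $stmt->bindValue(':deptid', $deptid, PDO::PARAM_INT);
    $stmt->bindValue(':typeid', $typeid, PDO::PARAM_INT);
    $stmt->execute();
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
    // Full detail goes to the server log; the client only sees a generic message.
    error_log('right.php query failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Internal error');
}

// Escape every value on output so reflected or stored input cannot become script.
foreach ($rows as $row) {
    printf("<li>%s / %s (%s)</li>\n",
        htmlspecialchars((string) $row['deptname'], ENT_QUOTES | ENT_HTML5, 'UTF-8'),
        htmlspecialchars((string) $row['typename'], ENT_QUOTES | ENT_HTML5, 'UTF-8'),
        htmlspecialchars((string) $row['deptype'],  ENT_QUOTES | ENT_HTML5, 'UTF-8'));
}
```

With the error mode set this way a malformed parameter produces a 400 and a failed query a logged 500, so the "Invalid SQL" text Google indexed would never be served.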


