Bomba Haber 2.0 ~ XSS Bug | Cyber-Warrior Information Technology's World

Root > Exploits / Vulnerabilities > Bomba Haber 2.0 ~ XSS Bug

Madde
	Author : Bug Researchers
	Date : 11.02.2008 19:01:48
	# Bomba Haber 2.0 ~ XSS Bug [Full Screen Display]

	< ------------------- header data start ------------------- > ############################################################# # Application Name : Bug Researchers # Vulnerable Type : Cross Site Scripting # Infection : Ilgili portalda XSS saldirilari ile hedef kullanici Cookie’leri çekilebilir. # Bug Fix Advice : Gerekli Filtrelemeler yapilmalidir. # author : Bug Researchers ############################################################# < ------------------- header data end of ------------------- > < -- bug code start -- > <?php $gelenhaber = $_GET[’haber’]; include ../ozellikler.php; db_baglan(); site_ozellik(); $id = 1; mysql_query(update haberler SET haberetkin = ’1’ where haberid = ’$gelenhaber’); echo <center>Haber Etkinlestirildi. Anasayfaya Yönlendiriliyorsunuz..</center>; echo <META HTTP-EQUIV=\\REFRESH\\ CONTENT=\\1;URL=index.php\\>; ?> < -- bug code end of -- >