Opial Version 1.0 ~ SQL Inj. & XSS Vuln. | Cyber-Warrior Information Technology's World

Root > Exploits / Vulnerabilities > Opial Version 1.0 ~ SQL Inj. & XSS Vuln.

Madde
	Author : Bug Researchers/Kadir DOGAN
	Date : 12.07.2009 21:30:11
	# Opial Version 1.0 ~ SQL Inj. & XSS Vuln. [Full Screen Display]

	< ------------------- header data start ------------------- > ############################################################# # Application Name : Opial Version 1.0 # Vulnerable Type : Cross Site Scripting & SqL Injections # Infection : Yönetici ve User cookie’leri çalinabilir. , Yönetici hesab bilgileri çalinabilir. # Bug Fix Advice : XSS Fix = Zararli karakterler filtrelenmelidir. , Sql Inj. Fix = Degiskenler Sadece Integer Alacak Sekilde Düzenlenmeli # Demo : http://www.opial.com/demo # author : Bug Researchers \| Kadir DOGAN ############################################################# < ------------------- header data end of ------------------- > < -- bug code start -- > /flashplayer.php?sng=[SqL] /artistdetail.php?artistid=[SqL] /topdownloads.php?genres_parent=[Xss] /flashplayer.php?sng=[Xss] < -- bug code end of -- >