Description - SQL Injection and XSS Vulnerabilities in MWNewsletter
Multiple vulnerabilities were found in the MWNewsletter script.
- Exploit: Available
- Solution: Not available - check Manic Web website
1. SQL Injection.
Vulnerable script: unsubscribe.php
The user_name parameter is not properly sanitized before being used in an SQL query. This can be used to run any SQL query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc = off
2. Cross-Site Scripting.
Vulnerable script: subscribe.php
The user_name parameter is not properly sanitized. This can be used to post arbitrary HTML or web script code.
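Since no vendor fix is listed, the following added example (not MWNewsletter's code, and not from the advisory's authors) shows how the user_name parameter can be handled safely in both places: a bound parameter for the query and output encoding for the page. The subscribers table, its user_name column, the function names and the in-memory SQLite database are assumptions made so the example runs on its own.

```php
<?php
// Added example: hardened handling of the user_name parameter.
// Table name, column name and the SQLite database are assumptions,
// not MWNewsletter's real schema.

// Query side (the unsubscribe.php issue).
function unsubscribe(PDO $db, string $userName): int
{
    // Bound parameter: the value travels as data, so quotes inside it
    // cannot alter the statement, whatever magic_quotes_gpc is set to.
    $stmt = $db->prepare('DELETE FROM subscribers WHERE user_name = :name');
    $stmt->execute([':name' => $userName]);
    return $stmt->rowCount(); // number of rows removed
}

// Output side (the subscribe.php issue).
function renderSubscribed(string $userName): string
{
    // Encode at output time so markup in the name is shown as text
    // instead of being interpreted by the browser.
    $safe = htmlspecialchars($userName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<p>Subscribed: {$safe}</p>";
}

// Constructed sample data for a stand-alone run.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE subscribers (user_name TEXT PRIMARY KEY)');
$db->exec("INSERT INTO subscribers VALUES ('alice'), ('O''Brien'), ('bob')");

// A legitimate name containing a quote is matched literally.
echo 'rows removed: ', unsubscribe($db, "O'Brien"), "\n";

// Rows left after the single delete.
echo 'rows left: ', $db->query('SELECT COUNT(*) FROM subscribers')->fetchColumn(), "\n";

// A name containing markup comes back entity-encoded.
echo renderSubscribed('<b>carol</b>'), "\n";
```

With bound parameters the query no longer depends on magic_quotes_gpc, a setting that was removed from PHP in version 5.4.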


