Description - Multiple XSS and SQL Injection in HB-NS
Multiple Vulnerabilities found in HB-NS script.
- Exploit: Available
- Solution: Not available - check vendor's website
1. SQL Injection.
Vulnerable script: index.php
The topic and id parameters are not properly sanitized before being used in an SQL query. This can be used to run any SQL query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc = off
2. Cross-Site Scripting.
Vulnerable Script: index.php
The poster_name, poster_email, poster_homepage and message parameters are not properly sanitized. This can be used to post arbitrary HTML or web script code.
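A sketch of how both issues are normally closed in PHP, covering the query parameters from item 1 and the posted fields from item 2. This is an added example, not HB-NS code or a vendor fix: the `comments` table, its column types and all function names are assumptions, and the demo rows are constructed.

```php
<?php
// Added example: hypothetical schema and helper names, not HB-NS source code.
declare(strict_types=1);

function h(string $s): string {
    // Encode for HTML element and quoted-attribute context.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function fetch_comments(PDO $db, string $topic, string $id): array {
    // Placeholders keep topic and id out of the SQL text, whatever magic_quotes_gpc is set to.
    $st = $db->prepare('SELECT poster_name, poster_email, poster_homepage, message
                        FROM comments WHERE topic = :topic AND id = :id');
    $st->execute([':topic' => $topic, ':id' => $id]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

function safe_url(string $url): ?string {
    // Allow only http(s) links; encoding alone does not stop script-scheme URLs in href.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

function render_comment(array $c): string {
    $out = '<div class="comment"><b>' . h($c['poster_name']) . '</b>';
    if (filter_var($c['poster_email'], FILTER_VALIDATE_EMAIL)) {
        $out .= ' &lt;' . h($c['poster_email']) . '&gt;';
    }
    $url = safe_url($c['poster_homepage']);
    if ($url !== null) {
        $out .= ' <a rel="nofollow" href="' . h($url) . '">homepage</a>';
    }
    return $out . '<p>' . nl2br(h($c['message'])) . '</p></div>';
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id TEXT, topic TEXT, poster_name TEXT,
           poster_email TEXT, poster_homepage TEXT, message TEXT)');
$ins = $db->prepare('INSERT INTO comments VALUES (?, ?, ?, ?, ?, ?)');
$ins->execute(['1', '1', '<script>alert(1)</script>', 'a@example.com',
               'javascript:alert(1)', 'hello <b>world</b>']);

foreach (fetch_comments($db, '1', '1') as $row) {
    echo render_comment($row), "\n";
}
// A constructed value containing a quote is bound as data and compared literally.
var_dump(count(fetch_comments($db, "1'x", '1')));
```

Encoding happens at output time, so rows already stored with markup in them are rendered inertly as well.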


