Description - SQL Injection and XSS Vulnerabilities in indexcity
Multiple vulnerabilities were found in the indexcity script.
- Exploit: Available
- Solution: Not available - check the CityForFree website
1. SQL Injection.
Vulnerable script: list.php
The cate_id parameter is not properly sanitized before being used in an SQL query. This can be used to run any SQL query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc = off
2. Cross-Site Scripting.
Vulnerable Script: add_url2.php
The url parameter is not properly sanitized. This can be used to post arbitrary HTML or web script code.
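Hardened handling of both parameters, as an added example that is not indexcity's own code and not part of the advisory: cate_id is validated as an integer and bound as a query parameter, and url is restricted to http(s) and HTML-encoded on output. The links table, its columns and all function names are hypothetical.

```php
<?php
// Added example, not indexcity code. Table and column names are hypothetical.

// cate_id: accept only a positive integer; anything else is rejected.
function parse_cate_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Bind the value as a typed parameter so it never becomes part of the SQL text.
// This holds regardless of the magic_quotes_gpc setting.
function fetch_links(PDO $db, int $cateId): array
{
    $stmt = $db->prepare('SELECT title, url FROM links WHERE cate_id = :cate_id');
    $stmt->bindValue(':cate_id', $cateId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// url: require a well-formed URL with an http or https scheme.
function validate_url($raw): ?string
{
    $url = filter_var(trim((string) $raw), FILTER_VALIDATE_URL);
    $scheme = $url === false ? '' : strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

// Encode on output so stored values render as text, never as markup.
function render_link(string $url, string $title): string
{
    $u = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $t = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<a href=\"$u\" rel=\"nofollow noopener\">$t</a>";
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE links (cate_id INTEGER, title TEXT, url TEXT)');
$db->exec("INSERT INTO links VALUES (1, 'Tools & <b>Links</b>', 'http://example.com/?a=1&b=2')");

$id = parse_cate_id('1'); // constructed request value
$rows = $id === null ? [] : fetch_links($db, $id);
foreach ($rows as $row) {
    $url = validate_url($row['url']);
    if ($url !== null) {
        echo render_link($url, $row['title']), "\n";
    }
}
```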


