Description - multiple XSS and SQL Injection in Shoutbox
Multiple vulnerabilities found in the Shoutbox script.
- Exploit: Available
- Solution: Not available - check vendor's website
Most user-defined data isn't properly sanitized. This can be used to make any SQL query by injecting arbitrary SQL code (in authorization or when viewing the blog and forum) or to insert any JavaScript code (when posting new messages).
Condition for SQL Injections: magic_quotes_gpc - off
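A hardened form of the code paths the advisory names (authorization, posting and viewing messages), as an added example that is not Shoutbox's code: the table layout, function names and sample input are assumptions constructed for illustration. Input is bound as query parameters instead of relying on magic_quotes_gpc, and stored text is encoded when it is written into the page.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database standing in for the script's tables (hypothetical schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

function addUser(PDO $db, string $name, string $password): void
{
    $stmt = $db->prepare('INSERT INTO users (name, pass_hash) VALUES (?, ?)');
    $stmt->execute([$name, password_hash($password, PASSWORD_DEFAULT)]);
}

// Authorization: the name is bound as a parameter, so a quote character in it
// stays data and cannot alter the query, whatever magic_quotes_gpc is set to.
function checkLogin(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// Posting: store the message exactly as typed, again through bound parameters.
function postMessage(PDO $db, string $author, string $body): void
{
    $stmt = $db->prepare('INSERT INTO messages (author, body) VALUES (?, ?)');
    $stmt->execute([$author, $body]);
}

// Viewing: encode every stored value at output, so markup in a message is
// displayed as text instead of being interpreted by the browser.
function renderMessages(PDO $db): string
{
    $html = '';
    foreach ($db->query('SELECT author, body FROM messages ORDER BY id') as $row) {
        $html .= '<p><b>' . htmlspecialchars($row['author'], ENT_QUOTES, 'UTF-8') . '</b>: '
               . htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8') . "</p>\n";
    }
    return $html;
}

// Constructed sample input: a name containing a quote and a message containing markup.
addUser($db, "o'brien", 'correct horse');
var_dump(checkLogin($db, "o'brien", 'correct horse'));
var_dump(checkLogin($db, "o'brien", 'wrong password'));
postMessage($db, "o'brien", '<b>hello</b> & "welcome"');
echo renderMessages($db);
```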


