Description - img BBCode XSS and Cookie SQL Injection in EKINboard

Multiple vulnerabilities were found in the EKINboard script.

Exploit: Available
Solution: Available

1. 'img' BBCode Cross-Site Scripting Vulnerability.

Arbitrary JavaScript code can be inserted through the [img] BBCode tag.

2. Cookie 'username' SQL Injection Vulnerability

Vulnerable Script: config.php

The variables $_COOKIE['username'] and $_COOKIE['password'] are not properly sanitized. This can be used to bypass authentication or to run any SQL query by injecting arbitrary SQL code.
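
The corrected handling of the two cookies described above, as an added example that is not EKINboard's code or part of the advisory: the cookie value is bound as a query parameter instead of being concatenated into the SQL text. The users table, its columns, the cookieLogin function and all sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database standing in for the board's user table.
// Table and column names are assumptions, not EKINboard's schema.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice', hash('sha256', 'constructed-password')]);

// Pattern of the kind the advisory describes (hypothetical, do not use):
// cookie values concatenated into the query, so they can alter its structure.
//   "SELECT * FROM users WHERE username='" . $_COOKIE['username'] . "' ..."

// Hardened check: returns the username on success, null otherwise.
function cookieLogin(PDO $db, array $cookies): ?string
{
    $user  = $cookies['username'] ?? null;
    $token = $cookies['password'] ?? null;
    // Cookies are client-controlled: reject arrays and oversized values.
    if (!is_string($user) || !is_string($token)
        || strlen($user) > 64 || strlen($token) > 128) {
        return null;
    }
    // Bound parameter: the value travels as data and is never parsed as SQL.
    $stmt = $db->prepare('SELECT username, password FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    // Constant-time comparison of the stored value with the cookie value.
    return hash_equals($row['password'], $token) ? $row['username'] : null;
}

// Constructed inputs: a valid pair, and a username containing a quote character.
$good = ['username' => 'alice', 'password' => hash('sha256', 'constructed-password')];
$odd  = ['username' => "alice'", 'password' => 'x'];
var_dump(cookieLogin($db, $good));
var_dump(cookieLogin($db, $odd));
```

The same binding applies to every query in config.php that uses either cookie; input length and type checks are a second layer, not a substitute for parameter binding.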
