Description - BBCode img XSS and SQL-inj in discussion-xhawk.net
Multiple Vulnerabilities found in discussion script.
Exploit: Available
Solution: Not available - check xhawk.net website
1. 'img' BBCode Cross-Site Scripting Vulnerability
The BBCode tag [img] isn't properly sanitized, so it can be used to insert arbitrary JavaScript code. This code will be executed by the visitor's browser in the context of the affected site.
2. SQL Injection Vulnerability.
Vulnerable script: discussion.class..php
The variable $view isn't properly sanitized before being used in an SQL query. This can be used to run arbitrary SQL queries by injecting SQL code through it.
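As an added example, not code from the xhawk.net discussion script, this PHP [img] renderer shows the kind of handling the first issue calls for: the tag body is accepted only if it is an absolute http(s) URL, and every piece of output is HTML-escaped. The function names are invented for this example.

```php
<?php
// Added example, not part of the xhawk.net discussion script.

// Escape a string for use in HTML text or attribute values.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Only absolute http(s) URLs made of printable ASCII are accepted as image sources.
// This rejects javascript:, data: and similar schemes, plus whitespace/control bytes.
function isSafeImageUrl(string $url): bool
{
    if (preg_match('/^[\x21-\x7e]+$/', $url) !== 1) {
        return false;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true);
}

// Render [img]...[/img] tags; everything else is emitted as escaped text.
function renderImgBBCode(string $text): string
{
    $out = '';
    // With one capture group, odd indices are tag bodies, even indices plain text.
    $parts = preg_split('/\[img\](.*?)\[\/img\]/is', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
    foreach ($parts as $i => $part) {
        if ($i % 2 === 1) {
            if (isSafeImageUrl($part)) {
                $out .= '<img src="' . h($part) . '" alt="">';
            } else {
                // Rejected body: show the original markup as harmless text.
                $out .= '[img]' . h($part) . '[/img]';
            }
        } else {
            $out .= h($part);
        }
    }
    return $out;
}

// Constructed sample post: one valid image and one rejected tag body.
echo renderImgBBCode('Hi [img]https://example.org/a.png[/img] [img]javascript:alert(1)[/img]'), "\n";
```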
Order Source Code Review made by eVuln team
Protect a website with a source code review of the website or web application, performed by the eVuln team. The work will be done by experts in web application security.