Exploit Database - Logo

Tunez 1.21 - search.php searchFor Parameter Cross-Site Scripting

EDB-ID: 26566 Author: r0t3d3Vil Published: 2005-11-23
CVE: CVE-2005-3834 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/15548/info
 
Tunez is prone to multiple input validation vulnerabilities.
 
The application is affected by an SQL injection vulnerability and a cross-site scripting issue.
 
Successful exploitation of the SQL injection issue could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
 
The cross-site scripting issue may facilitate the theft of cookie-based authentication credentials as well as other attacks. 

http://www.example.com/tunez/search.php?action=doSearch&searchFor=[code]&search_type=all

Related Exploits

Trying to match CVEs (1): CVE-2005-3834
Trying to match OSVDBs (1): 21063
Other Possible E-DB Search Terms: Tunez 1.21,  Tunez
Date D V Title Author
2005-11-23Download Exploit Code Verified Tunez 1.21 - songinfo.php song_id Parameter SQL Injectionr0t3d3Vil
Menu