Exploit Database - Logo

W-Agora 4.2.1 - 'profile.php?showuser' Cross-Site Scripting

EDB-ID: 29764 Author: laurent gaffie Published: 2007-03-20
CVE: CVE-2007-1606 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/23057/info

w-Agora is prone to multiple input-validation vulnerabilities, including possible SQL-injection issues and multiple cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

w-Agora 4.2.1 is vulnerable. 

http://www.example.com/w-agora/profile.php?site=hello&showuser='"><script>alert(document.cookie)</script>
« Previous Exploit Next Exploit »

Related Exploits

Trying to match CVEs (1): CVE-2007-1606
Trying to match OSVDBs (1): 34377
Other Possible E-DB Search Terms: W-Agora 4.2.1,  W-Agora
Date D V Title Author
2010-10-27 Verified W-Agora 4.1.5 - Local File Inclusion / Cross-Site ScriptingMustLive
2011-05-30 Waiting verification w-Agora Forum 4.2.1 - Arbitrary File UploadTreasure Pr...
2008-03-20 Verified W-Agora 4.0 - 'add_user.php?bn_dir_default' Remote File InclusionZoRLu
2008-03-20 Verified W-Agora 4.0 - 'create_forum.php?bn_dir_default' Remote File InclusionZoRLu
2008-03-20 Verified W-Agora 4.0 - 'create_user.php?bn_dir_default' Remote File InclusionZoRLu
2008-03-20 Verified W-Agora 4.0 - 'delete_notes.php?bn_dir_default' Remote File InclusionZoRLu
2008-03-20 Verified W-Agora 4.0 - 'delete_user.php?bn_dir_default' Remote File InclusionZoRLu
2008-03-20 Verified W-Agora 4.0 - 'edit_forum.php?bn_dir_default' Remote File InclusionZoRLu
2008-03-20 Verified W-Agora 4.0 - 'mail_users.php?bn_dir_default' Remote File InclusionZoRLu
2008-03-20 Verified W-Agora 4.0 - 'moderate_notes.php?bn_dir_default' Remote File InclusionZoRLu
2008-03-20 Verified W-Agora 4.0 - 'reorder_forums.php?bn_dir_default' Remote File InclusionZoRLu
2004-09-30 Verified W-Agora 4.1.6 - 'a download_thread.php?thread' Cross-Site ScriptingAlexander A...
2004-09-30 Verified W-Agora 4.1.6 - 'a forgot_password.php?userid' Cross-Site ScriptingAlexander A...
2004-09-30 Verified W-Agora 4.1.6 - 'a redir_url.php?key' SQL InjectionAlexander A...
2002-12-22 Verified W-Agora 4.1.6 - 'EditForm.php' Cross-Site Scriptingxatr0z
2004-09-30 Verified W-Agora 4.1.6a - 'login.php?loginuser' Cross-Site ScriptingAlexander A...
2004-09-30 Verified W-Agora 4.1.6a - 'subscribe_thread.php' HTTP Response SplittingAlexander A...
2002-06-10 Verified W-Agora 4.1.x - Remote File Inclusionfrog
2005-08-18 Verified W-Agora 4.2 - 'Site' Directory Traversalmatrix_killer
2006-04-29 Verified W-Agora 4.2 - BBCode Script Injectionr0xes
2007-12-30 Verified w-Agora 4.2.1 - 'cat' SQL InjectionIHTeam
2007-03-20 Verified W-Agora 4.2.1 - 'change_password.php?userid' Cross-Site Scriptinglaurent gaffie
2010-10-22 Verified W-Agora 4.2.1 - 'search.php3?bn' Traversal Local File InclusionMustLive
2010-10-22 Verified W-Agora 4.2.1 - 'search.php?bn' Cross-Site ScriptingMustLive
2007-03-20 Verified W-Agora 4.2.1 - 'search.php?search_user' Cross-Site Scriptinglaurent gaffie
Menu