Exploit Database - Logo

W-Agora 4.2.1 - profile.php showuser Parameter Cross-Site Scripting

EDB-ID: 29764 Author: laurent gaffie Published: 2007-03-20
CVE: CVE-2007-1606 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/23057/info

w-Agora is prone to multiple input-validation vulnerabilities, including possible SQL-injection issues and multiple cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

w-Agora 4.2.1 is vulnerable. 

http://www.example.com/w-agora/profile.php?site=hello&showuser='"><script>alert(document.cookie)</script>

Related Exploits

Trying to match CVEs (1): CVE-2007-1606
Trying to match OSVDBs (1): 34377
Other Possible E-DB Search Terms: W-Agora 4.2.1,  W-Agora
Date D V Title Author
2010-10-27Download Exploit Code Verified W-Agora 4.1.5 - Local File Inclusion / Cross-Site ScriptingMustLive
2011-05-30Download Exploit Code Waiting verification w-Agora Forum 4.2.1 - Arbitrary File UploadTreasure Pr...
2008-03-20Download Exploit Code Verified W-Agora 4.0 - 'add_user.php' bn_dir_default Parameter Remote File InclusionZoRLu
2008-03-20Download Exploit Code Verified W-Agora 4.0 - 'create_forum.php' bn_dir_default Parameter Remote File InclusionZoRLu
2008-03-20Download Exploit Code Verified W-Agora 4.0 - 'create_user.php' bn_dir_default Parameter Remote File InclusionZoRLu
2008-03-20Download Exploit Code Verified W-Agora 4.0 - 'delete_notes.php' bn_dir_default Parameter Remote File InclusionZoRLu
2008-03-20Download Exploit Code Verified W-Agora 4.0 - 'delete_user.php' bn_dir_default Parameter Remote File InclusionZoRLu
2008-03-20Download Exploit Code Verified W-Agora 4.0 - 'edit_forum.php' bn_dir_default Parameter Remote File InclusionZoRLu
2008-03-20Download Exploit Code Verified W-Agora 4.0 - 'mail_users.php' bn_dir_default Parameter Remote File InclusionZoRLu
2008-03-20Download Exploit Code Verified W-Agora 4.0 - 'moderate_notes.php' bn_dir_default Parameter Remote File InclusionZoRLu
2008-03-20Download Exploit Code Verified W-Agora 4.0 - 'reorder_forums.php' bn_dir_default Parameter Remote File InclusionZoRLu
2004-09-30Download Exploit Code Verified W-Agora 4.1.6 - a 'login.php' loginuser Parameter Cross-Site ScriptingAlexander A...
2004-09-30Download Exploit Code Verified W-Agora 4.1.6 - a download_thread.php thread Parameter Cross-Site ScriptingAlexander A...
2004-09-30Download Exploit Code Verified W-Agora 4.1.6 - a forgot_password.php userid Parameter Cross-Site ScriptingAlexander A...
2004-09-30Download Exploit Code Verified W-Agora 4.1.6 - a redir_url.php key Parameter SQL InjectionAlexander A...
2004-09-30Download Exploit Code Verified W-Agora 4.1.6 - a subscribe_thread.php HTTP Response SplittingAlexander A...
2002-12-22Download Exploit Code Verified W-Agora 4.1.6 - EditForm.php Cross-Site Scriptingxatr0z
2002-06-10Download Exploit Code Verified W-Agora 4.1.x - Remote File Inclusionfrog
2006-04-29Download Exploit Code Verified W-Agora 4.2 - BBCode Script Injectionr0xes
2005-08-18Download Exploit Code Verified W-Agora 4.2 - Site Parameter Directory Traversalmatrix_killer
2007-12-30Download Exploit Code Verified w-Agora 4.2.1 - 'cat' Parameter SQL InjectionIHTeam
2007-03-20Download Exploit Code Verified W-Agora 4.2.1 - 'change_password.php' userid Parameter Cross-Site Scriptinglaurent gaffie
2010-10-22Download Exploit Code Verified W-Agora 4.2.1 - 'search.php3 bn' Parameter Traversal Local File InclusionMustLive
2007-03-20Download Exploit Code Verified W-Agora 4.2.1 - Multiple Arbitrary File Upload Vulnerabilitieslaurent gaffie
2010-10-22Download Exploit Code Verified W-Agora 4.2.1 - search.php bn Parameter Cross-Site ScriptingMustLive
Menu