PHP Scripts Now Riddles - '/riddles/results.php?searchQuery' Cross-Site Scripting

EDB-ID:

34902

CVE:

2009-2890

EDB Verified:

Author:

Moudi

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2009-08-20

Vulnerable App: 
source: https://www.securityfocus.com/bid/44309/info

PHP Scripts Now Riddles is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.example.com/results.php?searchquery=1<script>alert(308297104532)</script>&search=Search
Tags:
Advisory/Source: Link
Downloads Certifications Training Professional Services
Kali Linux OSCP Penetration Testing with Kali Linux (PWK) (PEN-200)
All new for 2020 		Penetration Testing
Kali NetHunter OSWP Offensive Security Wireless Attacks (WiFu) (PEN-210) Advanced Attack Simulation
Kali Linux Revealed Book OSEP Evasion Techniques and Breaching Defences (PEN-300)
All new for 2020 		Application Security Assessment
OSWE Advanced Web Attacks and Exploitation (AWAE) (WEB-300)
Updated for 2020
OSED Windows User Mode Exploit Development (EXP-301)
All new for 2021
OSEE
KLCP [Free] Kali Linux Revealed
Kali Linux Kali NetHunter Kali Linux Revealed Book
OSCP OSWP OSEP OSWE OSED OSEE KLCP
- Penetration Testing with Kali Linux (PWK) (PEN-200)
All new for 2020 Offensive Security Wireless Attacks (WiFu) (PEN-210) Evasion Techniques and Breaching Defences (PEN-300)
All new for 2020 Advanced Web Attacks and Exploitation (AWAE) (WEB-300)
Updated for 2020 Windows User Mode Exploit Development (EXP-301)
All new for 2021 [Free] Kali Linux Revealed
Penetration Testing Advanced Attack Simulation Application Security Assessment