"ADOdb is a database abstraction library for PHP. There is also a Python version"
Improper handling of user input allows attackers to execute JavaScript and HTML code using ADOdb.
Credit:
The information has been provided by rodrigo silva.
ADOdb does not properly filter user input in its parameters, allowing attackers to steal information such as cookies from users.
Proof of Concept:
http://[site]/[patch_aplication]/adodb/tests/tmssql.php?do=<script>alert(document.cookie);</script>
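
A log check for the request shown above, as an added example (not part of the original advisory and not ADOdb code): it flags access-log requests to scripts under an `adodb/tests/` directory and grades them by what the `do` parameter carries. The Common Log Format input, the `/app` prefix and all sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request target and status from a Common/Combined Log Format line.
LOG_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Any PHP script under an adodb/tests/ directory (install prefix varies).
TESTS_RE = re.compile(r"/adodb/tests/[^/]+\.php$", re.IGNORECASE)
HTML_META = set("<>\"'")

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return 'reflected-markup', 'do-parameter', 'tests-reachable'
    (script served with no 'do' at all) or None for one log line."""
    m = LOG_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not TESTS_RE.search(fully_decode(url.path)):
        return None
    # parse_qs decodes once; fully_decode catches double encoding.
    values = [fully_decode(v) for v in
              parse_qs(url.query, keep_blank_values=True).get("do", [])]
    if any(HTML_META & set(v) for v in values):
        return "reflected-markup"
    if values:
        return "do-parameter"
    return "tests-reachable" if m.group("status").startswith("2") else None

# Constructed sample lines (documentation IP ranges, made-up /app prefix).
SAMPLE_LOG = [
    '203.0.113.7 - - [26/Jun/2006:10:00:01 +0000] "GET /app/adodb/tests/tmssql.php'
    '?do=%3Cscript%3Ealert(document.cookie);%3C/script%3E HTTP/1.1" 200 512',
    '203.0.113.7 - - [26/Jun/2006:10:00:05 +0000] "GET /app/adodb/tests/tmssql.php'
    '?do=%253Cb%253E HTTP/1.1" 200 498',
    '198.51.100.4 - - [26/Jun/2006:10:02:11 +0000] "GET /app/adodb/tests/tmssql.php'
    '?do=example_name HTTP/1.1" 200 300',
    '198.51.100.9 - - [26/Jun/2006:10:03:40 +0000] "GET /app/adodb/tests/tmssql.php HTTP/1.1" 200 1024',
    '198.51.100.9 - - [26/Jun/2006:10:03:42 +0000] "GET /app/index.php?do=view HTTP/1.1" 200 2048',
]

def scan(lines):
    return [classify(line) for line in lines]
```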

Subject: old
Date: 26 Jun. 2006
From: niknssecure.lv
Something old.
In fact, it is code execution, not XSS.
Jan 9, 2006:
http://www.osvdb.org/displayvuln.php?osvdb_id=22291

Subject: Code execution can also cause an XSS
Date: 28 Jun. 2006
From: something new
The problem causes both code execution, and if the command fails to execute, it is printed out... causing an XSS.