XSS vulnerability found via injection in the parameter address
#1, posted 09-09-2017

Mods, please move if posted in the wrong section; I wasn't sure where to ask this one.

There are several of us who use an open source program called yiimp:
Code:
https://github.com/tpruvot/yiimp

Several of our sites were attacked last night, and I am reaching out to you guys to see if the vulnerability can be fixed quickly.

I believe the offending file is:
Code:
/modules/site/wallet.php

My security scan shows:
Code:
GET /?address=String.fromCharCode%280%2Cw6w7atn4rh%2C1%29 HTTP/1.1

for the vulnerability.
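As an added example (not yiimp's code and not from the original post), here is a hypothetical handler for a `?address=` page, showing the reflecting pattern next to a hardened one that validates and then escapes; the base58 pattern and the 26-95 length range are assumptions to be adjusted for the coins a pool actually serves.

```php
<?php
// Added example, not yiimp's own code. Hypothetical "?address=" handler.

// Vulnerable pattern: the raw query parameter is written into the HTML,
// so any markup or script in it becomes part of the page.
function render_wallet_vulnerable(array $get): string
{
    $address = $get['address'] ?? '';
    return "<h2>Wallet " . $address . "</h2>";
}

// Assumption: addresses are base58 strings of 26..95 characters
// (Bitcoin alphabet: no 0, O, I, l). Widen for bech32 if needed.
function is_plausible_address(string $value): bool
{
    return (bool) preg_match('/\A[1-9A-HJ-NP-Za-km-z]{26,95}\z/', $value);
}

// Hardened pattern: reject anything that is not shaped like an address,
// then still escape on output (defence in depth; validation rules drift).
function render_wallet_hardened(array $get): string
{
    $address = $get['address'] ?? '';
    if (!is_plausible_address($address)) {
        http_response_code(400);
        return "<p>Invalid wallet address.</p>";
    }
    $safe = htmlspecialchars($address, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<h2>Wallet " . $safe . "</h2>";
}

// Query string from the scanner's request line, decoded as PHP would.
$query = 'address=String.fromCharCode%280%2Cw6w7atn4rh%2C1%29';
parse_str($query, $params);

echo render_wallet_vulnerable($params), "\n"; // probe string lands in the page unchanged
echo render_wallet_hardened($params), "\n";   // rejected: "(" "," "." fail the pattern
```

Yii 1.x applications can use CHtml::encode() for the same output escaping; the validation step is what keeps junk out of the wallet lookup in the first place.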
THEMOLE(1)                    General Commands Manual                    THEMOLE(1)

NAME
       themole - automatic SQL injection exploitation tool

SYNOPSIS
       themole [ -h ] [ -u url ] [ -n needle ] [ -t num_threads ]

DESCRIPTION
       The Mole is a command line interface SQL Injection exploitation tool. This application is able to exploit both union-based and blind boolean-based injections. Every action The Mole can execute is triggered by a specific command. All this application requires in order to exploit a SQL Injection is the URL (including the parameters) and a needle (a string) that appears in the server's response whenever the injection parameter generates a valid query, and does not appear otherwise.

OPTIONS
       -h     Shows the help message and exits.

       -u url Sets the url of the mole's instance to url.

       -n needle
              Sets the needle of the mole's instance to needle. It must be a string that appears when the injection returns true and disappears when the injection is false.

       -t threads
              Sets the max number of concurrent requests that the mole will be making. Cannot be changed at runtime.

SEE ALSO
       The program provides interactive documentation; refer also to the official README file.

AUTHOR
       This manual page was written by Santiago Alessandri <salessandri@nasel.com.ar>.

                               November 24 2011                          THEMOLE(1)