Ivan Marković

Security consultant and researcher

Long experience in designing and implementation of security solutions, mainly oriented on web, mobile and embedded applications. Author of penetration testing tools, recognized by OWASP organization and BackTrack Linux distribution. Researching work includes discovery of vulnerabilities of numeral applications and services, and for these, author received public apreciations by Microsoft Company..

Contact via Linkedin or read interesting staff on Twitter.

Link CMS Cross-Site Scripting and SQL Injection

Link CMS is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

http://www.securityfocus.com/bid/21464/info
https://www.exploit-db.com/exploits/29232/
https://www.exploit-db.com/exploits/29233/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6387