| To: | bugtraq@securityfocus.com |
|---|---|
| Subject: | Photostand_1.2.0 Multiple Cross Site Scripting |
| From: | simon.itsecurity@gmail.com |
| Date: | 24 Feb 2007 10:11:00 -0000 |

Photostand_1.2.0 Multiple Cross Site Scripting

Vendor site : http://www.photostand.org/
Global risk : medium

XSS
-----

+ Permanent

Message & name fields are vulnerable to XSS attacks. This kind of XSS is pretty dangerous, because anyone who sees the page is going to get his cookie stolen and sent to the attackers.

+ Non-permanent

index.php?page=search&q=<script>alert(document.cookie)</script>

Full Path Disclosure
-----------------------

"PHPSESSID='" will return the full path of the file.

    GET /photostand_1.2.0/ HTTP/1.0
    [...]
    Cookie: PS_STATS_VT=true;PS_STATS_VR=true;PHPSESSID=';style=[blahblah]path=/
    [...]

/photostand_1.2.0/index.php?page=article&id=' too.

Solutions :

www.php.net/htmlentities

regards,
Simon Bonnard
contact : simon.itsecurity - at - gmail - dot- com
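
The fix the report points to (htmlentities), applied to the inputs it names, as an added example that is not part of the original post and not Photostand's code. The function names are hypothetical, and it assumes the path leak comes from PHP error text shown in the response.

```php
<?php
// Added illustration; function names are hypothetical, not Photostand's code.

// Assumption: the full path leaks through PHP warnings echoed to the client.
// Keep error text out of responses and send it to the server log instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Encode untrusted text for an HTML body or quoted-attribute context.
function html(string $s): string
{
    return htmlentities($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// True only for IDs built from characters PHP session IDs use; a caller can
// discard the cookie and issue a fresh session when this returns false.
function valid_session_id($id): bool
{
    return is_string($id) && preg_match('/\A[A-Za-z0-9,-]{16,256}\z/', $id) === 1;
}

// Numeric parameters such as "id": digits only, otherwise null.
function int_param(array $src, string $key): ?int
{
    $v = $src[$key] ?? null;
    return (is_string($v) && preg_match('/\A\d{1,9}\z/', $v)) ? (int) $v : null;
}

// Reflected case: the search term echoed back into the results page.
function render_search_heading(array $get): string
{
    $q = (isset($get['q']) && is_string($get['q'])) ? $get['q'] : '';
    return '<h2>Results for "' . html($q) . '"</h2>';
}

// Stored case: encode name and message on output, every time they are rendered.
function render_comment(string $name, string $message): string
{
    return '<div class="comment"><b>' . html($name) . '</b><p>'
         . nl2br(html($message)) . '</p></div>';
}

// Constructed sample inputs, reusing the report's own test strings.
echo render_search_heading(['q' => '<script>alert(document.cookie)</script>']), "\n";
echo render_comment('<i>guest</i>', "first line\n<script>alert(document.cookie)</script>"), "\n";
var_dump(valid_session_id("'"), int_param(['id' => "'"], 'id'));
```

Setting the session cookie's HttpOnly flag (session.cookie_httponly) additionally keeps document.cookie from exposing the session ID if an encoding call is missed somewhere.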