Bugtraq mailing list archives
episodex guestbook security bypass & html injection
From: farhad koosha <farhadkey () yahoo com>
Date: 20 May 2005 02:25:26 -0000
Vendor URL : http://www.episodex.de HTML Injection : "Name" & other fields in "default.asp" are not validated. Script code will be executed in the user's browser session, when the entry is viewed. Security Bypass : It is possible to edit settings without authentication by accessing the scripts "admin.asp" http://www.bahadorlover.com 3nitroToloen (!)
Current thread:
- episodex guestbook security bypass & html injection farhad koosha (May 20)