Bugtraq mailing list archives
[MajorSecurity #10]i.List <= 1.5 - XSS
From: admin () majorsecurity de
Date: 8 Jun 2006 17:45:29 -0000
[MajorSecurity #10]i.List <= 1.5 - XSS ---------------------------------------- Software: i.List Version: <=1.5 Type: XSS Date: June, 8th 2006 Vendor: Skoom Page: http://skoom.de Credits: ------------------------------- David 'Aesthetico' Vieira-Kurz http://www.majorsecurity.de Affected Products: ------------------------------- i.List 1.5 and prior Description: ------------------------------- i.List is a php/mysql TOPLIST script. Requirements: ------------------------------- register_globals = On Vulnerability: ------------------------------- Input passed to the Inputbox in "search.php", the 'URL' inputbox and 'ButtonURL' in "add.php" is not properly filtered and verified, before it is used. This can be exploited to execute evil XSS-code. Solution: ------------------------------- Edit the source code to ensure that input is properly sanitised. Set "register_globals" to "Off". Exploitation: ------------------------------- In the inputbox of /search.php: Search for: <script>alert("MajorSecurity")</script> In the inputbox 'URL' of add.php: Type in as URL: <script>alert("MajorSecurity")</script> In the inputbox 'ButtonURL' of add.php: Type in as URL: <script>alert("MajorSecurity")</script>
Current thread:
- [MajorSecurity #10]i.List <= 1.5 - XSS admin (Jun 08)